Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1505339
MD5: 4a647aa681909bc4be4a392f39383151
SHA1: cdaf58d4742cfb50ebd37c079562d8c714167638
SHA256: 2782b25644d705939d9b5f0138b2c6a45c9b82238154ada115307dc3e98cc76b
Tags: exe
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 2504 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4A647AA681909BC4BE4A392F39383151)
    • msedge.exe (PID: 4744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7284 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2060,i,17076175599075720991,7422890350535522700,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 4228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5600 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 4668 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8092 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2244 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2116 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2f2822-d049-49fd-9d89-c0f5ef0b73ee} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b08e76db10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1436 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4056 -prefMapHandle 4120 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56a5236f-e9ee-498d-ab3d-fb1a1a1555fb} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b0a255a510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 10012 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3760 -prefMapHandle 5300 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71daa235-9cd0-4136-9f2e-7997fc5664fd} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b0ac0e0110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7488 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9044 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6436 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7776 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9288 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7760 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9404 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7644 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5876 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7908 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Virustotal: Detection: 29%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0047DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0047DBBE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0044C2A2 FindFirstFileExW,0_2_0044C2A2
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_004868EE FindFirstFileW,FindClose,0_2_004868EE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0048698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0048698F
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0047D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0047D076
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0047D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0047D3A9
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00489642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00489642
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0048979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0048979D
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00489B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00489B2B
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00485C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00485C97
Source: firefox.exe, Memory has grown: Private usage: 1MB later: 253MB
Source: unknown, Network traffic detected: DNS query count 33
Source: Joe Sandbox View, IP Address: 13.107.246.40
Source: Joe Sandbox View, IP Address: 152.195.19.97
Source: Joe Sandbox View, IP Address: 13.107.246.60
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown, TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0048CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0048CE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=143123390&timestamp=1725584224906 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726189021&P2=404&P3=2&P4=cuu4LuQW67mmtsoGoifoRCHKfCF3iJEUzcVHUPZFbxXYc68P3R5nDW6jOSb9Ar78dUIGfJ%2fE6HGRILVWw4ZfsQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: ghk2GscBZESRb7lDDP1AIJSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=31bSVLr+77uPPY2&MD=fC1eX54p HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=31bSVLr+77uPPY2&MD=fC1eX54p HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log8.8.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log8.8.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log8.8.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2233174301.000001B0A6B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2274549780.000001B0A1A42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2236989766.000001B0AC0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2233286280.000001B0A6B16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2236989766.000001B0AC0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2236890863.000001B0AC0F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2236989766.000001B0AC0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2181354324.000001B0AC157000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2274549780.000001B0A1A42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2236989766.000001B0AC0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2233286280.000001B0A6B16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2236989766.000001B0AC0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2181354324.000001B0AC157000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: unknown
HTTP traffic detected:
POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
Source: firefox.exe, 00000005.00000003.2292281571.000001B09B32F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000005.00000003.2248888153.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241802563.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210256456.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191522710.000001B09E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2194182324.000001B09E722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2227061375.000001B09E729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224515175.000001B09E729000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 00000005.00000003.2265598247.000001B09B325000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2262069803.000001B09B318000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2295247368.000001B09B31A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291452482.000001B09B31A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2293135560.000001B09B31A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2292360711.000001B09B31A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000005.00000003.2270715905.000001B0A8711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270969555.000001B0A6BB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2182014843.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283185407.000001B0A0BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2181354324.000001B0AC157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2233325552.000001B0A6AFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2276530405.000001B0AC157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2229770408.000001B0AC154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: mozilla-temp-41.5.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000005.00000003.2234271666.000001B0A6A38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164783587.000001B0A908D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238782593.000001B0A9091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231406146.000001B0A908F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270715905.000001B0A8711000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2138330254.000001B0A908D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000005.00000003.2234271666.000001B0A6A38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164783587.000001B0A908D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238782593.000001B0A9091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231406146.000001B0A908F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270715905.000001B0A8711000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2138330254.000001B0A908D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000005.00000003.2230854338.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000005.00000003.2238960614.000001B0A6BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000005.00000003.2234698834.000001B0A2520000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000005.00000003.2289597212.000001B0A03AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000005.00000003.2238782593.000001B0A9091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2138330254.000001B0A90AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231406146.000001B0A908F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2268518217.000001B0A90B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164783587.000001B0A90AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000005.00000003.2239032647.000001B0A6BA5000.00000004.00000800.00020000.00000000.sdmp, Session_13370057819465018.8.drString found in binary or memory: https://accounts.google.com
Source: MediaDeviceSalts.8.dr, Session_13370057819465018.8.dr, 000003.log2.8.drString found in binary or memory: https://accounts.google.com/
Source: MediaDeviceSalts.8.drString found in binary or memory: https://accounts.google.com//
Source: History.8.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000000A.00000002.3261577298.000001E1C686A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Service
Source: recovery.jsonlz4.tmp.5.drString found in binary or memory: https://accounts.google.com/ServiceLogin?s
Source: firefox.exe, 00000014.00000002.3264993668.0000024294340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog
Source: History.8.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Session_13370057819465018.8.drString found in binary or memory: https://accounts.google.com/_/bscframe
Source: Favicons.8.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: firefox.exe, 0000000A.00000002.3261577298.000001E1C686A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/p
Source: file.exe, 00000000.00000002.2008757539.0000000000D9F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2010816941.000001A740AD2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2010369589.000001A740ACD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2266808603.000001B0AC053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2239067124.000001B0A2557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184047065.000001B0A2557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2237375321.000001B0AC053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000002.2008757539.0000000000D60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd_6B
Source: WebAssistDatabase.8.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: 000003.log2.8.drString found in binary or memory: https://accounts.youtube.com/
Source: Session_13370057819465018.8.drString found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=14312
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000005.00000003.2271365749.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278579760.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000005.00000003.2271365749.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278579760.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000005.00000003.2271365749.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278579760.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000005.00000003.2271365749.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278579760.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000005.00000003.2271365749.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278579760.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000005.00000003.2232445915.000001B0A6BA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2182014843.000001B0A6BA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2239032647.000001B0A6BA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD26C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD26C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000005.00000003.2270048445.000001B0A89A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231156385.000001B0AAAD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000005.00000003.2269260038.000001B0A8F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000005.00000003.2272975365.000001B0A2562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2239067124.000001B0A2557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2266808603.000001B0AC0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2268984484.000001B0A905B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184047065.000001B0A2557000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000A.00000002.3262818798.000001E1C6CCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3265979377.0000024294503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 0000000A.00000002.3262818798.000001E1C6CCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3265979377.0000024294503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 00000005.00000003.2280023019.000001B0A23C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2276193542.000001B0AC17A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000005.00000003.2253686916.000001B0A6D17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2251825876.000001B0A8A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000005.00000003.2251109340.000001B09FA14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2252880661.000001B09F9FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000005.00000003.2181611040.000001B0A8FDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000005.00000003.2181611040.000001B0A8FDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000005.00000003.2181611040.000001B0A8FDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000005.00000003.2181611040.000001B0A8FDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000005.00000003.2251825876.000001B0A8A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000005.00000003.2242051293.000001B09B42F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2249007251.000001B09B42F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2292430498.000001B09B42F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000005.00000003.2252880661.000001B09F9FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 00000005.00000003.2253686916.000001B0A6D17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2251825876.000001B0A8A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000005.00000003.2251825876.000001B0A8A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: Reporting and NEL.9.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: manifest.json0.8.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.8.drString found in binary or memory: https://chromewebstore.google.com/
Source: d2673b89-1f6d-4088-84b6-cfee6813b393.tmp.9.dr, 7b093822-6887-40dd-ba27-0739bb832bb3.tmp.9.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.8.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: d2673b89-1f6d-4088-84b6-cfee6813b393.tmp.9.dr, 7b093822-6887-40dd-ba27-0739bb832bb3.tmp.9.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000005.00000003.2238960614.000001B0A6BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.2138330254.000001B0A9014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000005.00000003.2278579760.000001B0A6B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 0000000A.00000002.3262818798.000001E1C6CCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3265979377.0000024294503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000A.00000002.3262818798.000001E1C6CCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3265979377.0000024294503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 00000005.00000003.2164783587.000001B0A90AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2268448931.000001B0A90CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231406146.000001B0A90CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2138330254.000001B0A90CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.5.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000005.00000003.2282695516.000001B0A0CE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000F.00000002.3260934072.000002A13F9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3261848823.00000242942F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000005.00000003.2274290614.000001B0A2322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277578864.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/bd6202db-ee49-42fa-83b6-74cc2
Source: firefox.exe, 00000005.00000003.2280782822.000001B0A1364000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2271730470.000001B0A699E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/6444dbfe-c602-43db-8d76-1870
Source: firefox.exe, 00000005.00000003.2282977245.000001B0A0C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/7d56618b-12e5-4bf5
Source: firefox.exe, 00000005.00000003.2282977245.000001B0A0C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/9a5cb55d-2de5-428f
Source: firefox.exe, 00000014.00000002.3261848823.00000242942F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submithx/
Source: firefox.exe, 00000005.00000003.2181611040.000001B0A8F82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232234920.000001B0A8F82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2269260038.000001B0A8F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000005.00000003.2182014843.000001B0A6B8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2271122185.000001B0A6B8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232445915.000001B0A6B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000005.00000003.2234698834.000001B0A2520000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000005.00000003.2234698834.000001B0A2520000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000005.00000003.2287033614.000001B0A0865000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282784484.000001B0A0CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://m.soundcloud.com/
Source: firefox.exe, 00000005.00000003.2059374188.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248746986.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224724882.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223352474.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221923646.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2222933780.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2190779800.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221006418.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191444958.000001B09E7B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2226902047.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221458691.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000005.00000003.2059374188.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248746986.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248888153.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241802563.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224724882.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223352474.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210256456.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191522710.000001B09E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221923646.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2222933780.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2190779800.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2194182324.000001B09E722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2227061375.000001B09E729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221006418.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191444958.000001B09E7B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2226902047.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221458691.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224515175.000001B09E729000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000005.00000003.2059374188.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248746986.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248888153.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241802563.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224724882.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223352474.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210256456.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191522710.000001B09E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221923646.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2222933780.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2190779800.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2194182324.000001B09E722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2227061375.000001B09E729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221006418.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191444958.000001B09E7B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2226902047.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221458691.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224515175.000001B09E729000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000F.00000002.3260934072.000002A13F986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3261848823.000002429428F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000005.00000003.2292281571.000001B09B32F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://music.amazon.com
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://music.apple.com
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://music.yandex.com
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274549780.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ok.ru/
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://open.spotify.com
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: firefox.exe, 00000005.00000003.2059374188.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248746986.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224724882.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223352474.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221923646.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2222933780.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2190779800.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221006418.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191444958.000001B09E7B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2226902047.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221458691.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000005.00000003.2059374188.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248746986.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248888153.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241802563.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224724882.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223352474.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210256456.000001B09E73B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191522710.000001B09E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221923646.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2222933780.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2190779800.000001B09E7B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2194182324.000001B09E722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2227061375.000001B09E729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221006418.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191444958.000001B09E7B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2226902047.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221458691.000001B09E7BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2224515175.000001B09E729000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000005.00000003.2245390626.000001B0A0C29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2185860785.000001B0A0C29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.2277578864.000001B0A8FA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000005.00000003.2278262591.000001B0A8985000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270048445.000001B0A897B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000005.00000003.2057302275.000001B09EF36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000005.00000003.2185860785.000001B0A0C2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD26C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD2ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: firefox.exe, 00000005.00000003.2245125203.000001B0A0CDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282784484.000001B0A0CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000005.00000003.2268984484.000001B0A900D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274290614.000001B0A2322000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.5.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD2ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238562553.000001B0ABF07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277342484.000001B0ABF07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 00000005.00000003.2245125203.000001B0A0CDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282784484.000001B0A0CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD2ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD26C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD2ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238562553.000001B0ABF07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277342484.000001B0ABF07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: firefox.exe, 0000000A.00000002.3262818798.000001E1C6CCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F9C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3261848823.00000242942F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000014.00000002.3261848823.00000242942F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/Z
Source: firefox.exe, 00000005.00000003.2275536625.000001B0AD2ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000005.00000003.2234698834.000001B0A2520000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.office.com
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: firefox.exe, 00000005.00000003.2181611040.000001B0A8F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000005.00000003.2143715677.000001B0AD8BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000005.00000003.2229770408.000001B0AC16E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000005.00000003.2274549780.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F90A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3261848823.000002429420C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2181611040.000001B0A8F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274549780.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000005.00000003.2138330254.000001B0A9035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231604707.000001B0A9034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2268984484.000001B0A9039000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 15_2_000002A13FA52377 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 15_2_000002A13FA73DF2 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047D5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00471201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exeCode function: String function: 0042F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00430A30 appears 46 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00419CB3 appears 31 times
Source: file.exe, 00000000.00000003.2007969440.0000000000D9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.2008757539.0000000000D9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal64.evad.winEXE@75/292@74/27
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004837B5 GetLastError,FormatMessageW,0_2_004837B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004710BF AdjustTokenPrivileges,CloseHandle,0_2_004710BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004716C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_004716C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004851CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_004851CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0047D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_0047D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0048648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0048648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004142A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_004142A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\52d355ce-1265-4b96-94be-4c092174042e.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274290614.000001B0A2322000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000005.00000003.2267403967.000001B0ABF9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2230166363.000001B0ABF9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238137308.000001B0ABF9B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE moz_places SET foreign_count = foreign_count + 1 WHERE id = NEW.place_idUPDATE moz_places SET foreign_count = foreign_count + 1 WHERE id = NEW.place_id;
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000005.00000003.2276852905.000001B0ABF44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exeVirustotal: Detection: 29%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2060,i,17076175599075720991,7422890350535522700,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2244 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2116 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2f2822-d049-49fd-9d89-c0f5ef0b73ee} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b08e76db10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6436 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4056 -prefMapHandle 4120 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56a5236f-e9ee-498d-ab3d-fb1a1a1555fb} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b0a255a510 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7776 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7760 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7644 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3760 -prefMapHandle 5300 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71daa235-9cd0-4136-9f2e-7997fc5664fd} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b0ac0e0110 utility
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7908 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: UMPDC.pdb source: firefox.exe, 00000005.00000003.2269260038.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277578864.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 00000005.00000003.2269260038.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277578864.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rsaenh.pdb source: firefox.exe, 00000005.00000003.2269260038.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277578864.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb0# source: firefox.exe, 00000005.00000003.2268168220.000001B0A9348000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277458757.000001B0A9357000.00000004.00000800.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004142DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004142DE
Source: gmpopenh264.dll.tmp.5.dr Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00430A76 push ecx; ret 0_2_00430A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0042F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0042F98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_004A1C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-96047)
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 15_2_000002A13FA52377 rdtsc 15_2_000002A13FA52377
Source: C:\Users\user\Desktop\file.exe API coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0047DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044C2A2 FindFirstFileExW,0_2_0044C2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004868EE FindFirstFileW,FindClose,0_2_004868EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0048698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0047D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0047D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00489642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00489642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0048979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00489B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00489B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00485C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00485C97
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048EAA2 BlockInput,0_2_0048EAA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00442622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00442622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00434CE8 mov eax, dword ptr fs:[00000030h] 0_2_00434CE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00470B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00470B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0043083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0043083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004309D5 SetUnhandledExceptionFilter,0_2_004309D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00430C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00430C21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00471201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00471201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00452BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00452BA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047B226 SendInput,keybd_event,0_2_0047B226
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004922DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_004922DA
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00471663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00471663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00430698 cpuid 0_2_00430698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00488195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00488195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0046D27A GetUserNameW,0_2_0046D27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0044B952
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00491204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00491204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00491806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00491806
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Behavior graph (image not included): Behavior Graph ID: 1505339, Sample: file.exe, Startdate: 06/09/2024, Architecture: WINDOWS, Score: 64. In the graph, file.exe (flagged "Binary is likely a compiled AutoIt script file" and "Found API chain indicative of sandbox detection") starts msedge.exe and firefox.exe; a firefox.exe process drops C:\Users\user\AppData\...\gmpopenh264.dll.tmp and C:\Users\user\...\gmpopenh264.dll (copy), both PE32+.

Source | Detection | Scanner | Label | Link
file.exe | 29% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
unknown
https://spocs.getpocket.com/firefox.exe, 00000005.00000003.2164783587.000001B0A90AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3260934072.000002A13F912000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3261848823.0000024294213000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.iqiyi.com/firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2109180108.000001B0AAAD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274549780.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.office.com48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drfalse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 00000005.00000003.2181611040.000001B0A8FDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232048117.000001B0A8FDE000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/0/48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drfalse
  • URL Reputation: safe
unknown
http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270969555.000001B0A6BB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2182014843.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.5.drfalse
  • Avira URL Cloud: safe
unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/aboutfirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.2207380446.000001B09F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2273373182.000001B0A23D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164783587.000001B0A908D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278349572.000001B0A6B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241919051.000001B09C5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241149554.000001B0A01E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2229242773.000001B09EADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289597212.000001B0A0387000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062302694.000001B09EACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2234698834.000001B0A2516000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2273373182.000001B0A23AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2202340538.000001B0A91B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2234625054.000001B0A6A06000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2180260988.000001B0AD870000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2247031232.000001B0A01E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2280023019.000001B0A23D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291641896.000001B09F68F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2165154053.000001B0A1AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2207380446.000001B09F66A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.2061381036.000001B09F6C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2081448541.000001B0A91B5000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000005.00000003.2234698834.000001B0A2520000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000005.00000003.2234698834.000001B0A2520000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.5.drfalse
  • Avira URL Cloud: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
https://www.zhihu.com/firefox.exe, 00000005.00000003.2165154053.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2181611040.000001B0A8F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2184930668.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2139474960.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274549780.000001B0A1A9B000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.2234271666.000001B0A6A38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164783587.000001B0A908D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238782593.000001B0A9091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231406146.000001B0A908F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270715905.000001B0A8711000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2138330254.000001B0A908D000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.2234271666.000001B0A6A38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164783587.000001B0A908D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2238782593.000001B0A9091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231406146.000001B0A908F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270715905.000001B0A8711000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2138330254.000001B0A908D000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/compose?isExtension=true48de33f1-94cd-4379-9322-c81bbd669fe7.tmp.8.drfalse
  • URL Reputation: safe
unknown
http://a9.com/-/spec/opensearch/1.1/firefox.exe, 00000005.00000003.2232445915.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270969555.000001B0A6BB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2182014843.000001B0A6BB8000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://blocked.cdn.mozilla.net/firefox.exe, 0000000A.00000002.3262081774.000001E1C6970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.3264218473.000002A13FA00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3261031726.0000024293F20000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000005.00000003.2138330254.000001B0A9035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231604707.000001B0A9034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2268984484.000001B0A9039000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000005.00000003.2182014843.000001B0A6B8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2271122185.000001B0A6B8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2232445915.000001B0A6B6F000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 00000005.00000003.2138330254.000001B0A9035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2231604707.000001B0A9034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2268984484.000001B0A9039000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1505339
Start date and time: 2024-09-06 02:56:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal64.evad.winEXE@75/292@74/27
EGA Information:
  • Successful, ratio: 50%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 35
  • Number of non-executed functions: 315
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 108.177.15.84, 204.79.197.239, 13.107.21.239, 142.250.186.46, 13.107.6.158, 2.19.126.145, 2.19.126.152, 142.250.186.35, 2.23.209.133, 2.23.209.182, 2.23.209.149, 2.23.209.140, 2.23.209.130, 142.250.181.227, 142.251.168.84, 20.75.60.91, 35.81.254.255, 52.11.251.113, 44.239.24.213, 199.232.214.172, 192.229.221.95, 142.250.184.238, 2.22.61.59, 2.22.61.56, 216.58.206.78, 142.250.186.42, 142.250.185.138, 142.250.65.163, 142.250.81.227, 142.251.41.3
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgeassetservice.azureedge.net, clients.l.google.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, arc.msn.com, iris-de-prod-azsc-v2-eus2-b.eastus2.cloudapp.azure.com, www.bing.com.edgekey.net, redirector.gvt1.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmana
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time: 20:57:18
Type: API Interceptor
Description: 1x Sleep call for process: firefox.exe modified
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):7813
                                          Entropy (8bit):5.175465372913794
                                          Encrypted:false
                                          SSDEEP:192:hnKMiWyW8WncbhbVbTbfbRbObtbyEl7nrzQryJA6wnSrDtTkd/Sb:hnPjcNhnzFSJLzQrhjnSrDhkd/C
                                          MD5:516207BE25FD47610071803068B5394C
                                          SHA1:FDA2BC9E64FD6067DEC572775FE75B837EF5187D
                                          SHA-256:99826DBF9F5B40C8DC11C8DA448022DCDF7ED167E39CAEDDA9D4E0E6BB2DE298
                                          SHA-512:9A92D4B4D799C9BB6F61DBB7F01F340494C55B59061E7CE8439FFFBEC41E26024560F87F016960BECC1285199E72EA2687CE1F3AF25B7DD67C0F05D2F00C33C1
                                          Malicious:false
                                          Preview:{"type":"uninstall","id":"a1de13d6-81fb-42b5-b999-eba476db9124","creationDate":"2024-09-06T02:13:32.388Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):44596
                                          Entropy (8bit):6.096125516467313
                                          Encrypted:false
                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBWwu3hDO6vP6OwCKCF00PBy+FDFDcGoup1Xl3jVz6:z/Ps+wsI7ynE96QRichu3VlXr4CRo1
                                          MD5:55AFCF8B5D02B1DDC70A93DCBE4BA83A
                                          SHA1:CD5E6AA297B8528488DDD38F5BC3CEE7D7C91DE2
                                          SHA-256:88E06955DDAFC7724359CF0BAD76479CD19D145F2DAC378C81570C4C5937EB16
                                          SHA-512:278E7DEAAEEF2BE0321744C0E2BB344B19B245BEB667C532EABD5A3C9DE177880B159CB66473E77BBD6053AD94DC87F6CC01736F19A74CD113E315AA2B5E71D0
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):44137
                                          Entropy (8bit):6.090715793362919
                                          Encrypted:false
                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMLwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynET6mtbz8hu3VlXr4CRo1
                                          MD5:DD63FCB72074D2C0F82286E3F11F7CBA
                                          SHA1:4ED5A70EEE12E25ACA35552C787C69637A6A63AA
                                          SHA-256:8114947890FD1244BB9E4E80CCAED2A733E2F5CE4485B88B7E51F09A617F9D8B
                                          SHA-512:505660156458586F58DB2F0FDCEB68662211339FD83060DE64B67073E7CADCB88E2AC325CB5A24927AD9551C5BDF3E5F71043F4D13251D2C51BD78B62BA05497
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):44596
                                          Entropy (8bit):6.096125516467313
                                          Encrypted:false
                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBWwu3hDO6vP6OwCKCF00PBy+FDFDcGoup1Xl3jVz6:z/Ps+wsI7ynE96QRichu3VlXr4CRo1
                                          MD5:55AFCF8B5D02B1DDC70A93DCBE4BA83A
                                          SHA1:CD5E6AA297B8528488DDD38F5BC3CEE7D7C91DE2
                                          SHA-256:88E06955DDAFC7724359CF0BAD76479CD19D145F2DAC378C81570C4C5937EB16
                                          SHA-512:278E7DEAAEEF2BE0321744C0E2BB344B19B245BEB667C532EABD5A3C9DE177880B159CB66473E77BBD6053AD94DC87F6CC01736F19A74CD113E315AA2B5E71D0
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):107893
                                          Entropy (8bit):4.640145133154881
                                          Encrypted:false
                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Y:fwUQC5VwBIiElEd2K57P7Y
                                          MD5:46BC3CA050C9032312C051408F8C6227
                                          SHA1:4EC92F610AC217A2AB2927A8B71AD8BF5157D72D
                                          SHA-256:CB9C9EED0F363C3193E8676B326299AED296899E17323BA2D48619BAF5249FC6
                                          SHA-512:BB3126EBAD87C08B80CF3125BCDF838CEB7012F72B142B6CE67C8DAB7E57C52478876CAF19ECAC5670D5A0C2C3505F92DFB2E3013791359BFDD7094B29FC157F
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.47598082297786126
                                          Encrypted:false
                                          SSDEEP:3072:cGmQuoZp5IyAQGG/vrwug1HFhx2mLq7TskEexqiYycZOYfg1HFvAT:uQu+nAZG3rwuaHTxfWCexqbycZlaHZA
                                          MD5:41CB31FA0898A2FAFAEA9CDF67E53DE7
                                          SHA1:50696D5F528B2791AFF2530B55004ADB8E016BCA
                                          SHA-256:939974999296DEDB3F82493E385A9132EC7966057A5E3444CACB46F163B81CA6
                                          SHA-512:98D9F2D59A21EECF8B512B46B3ABDF62296FD7AA31D4503DD7B4BD5933209015BD53A49FEC4C9916E776A059F96490ACB99F57EF88A8E7B7F8FC74EC44817557
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):280
                                          Entropy (8bit):4.132041621771752
                                          Encrypted:false
                                          SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                          MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                          SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                          SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                          SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40504
                                          Entropy (8bit):5.5615981462737425
                                          Encrypted:false
                                          SSDEEP:768:MAxXXC7pLGLvftWPUGfAM8F1+UoAYDCx9Tuqh0VfUC9xbog/OVKRwXUgIrwR/4/O:MAxXXacvftWPUGfAMu1ja/RwkgZR/4ir
                                          MD5:9DD175FF1F2A43447A7E34819E4D3016
                                          SHA1:8460D49C37F762FE3351241EE39E397AEB52E007
                                          SHA-256:97A349007BC4A0DEA9578E5ADF664C86D22408A6CCB630D6E37594B4CBE40606
                                          SHA-512:337E9B32D2BEF804A0310B830FE5053973A870682841F1531718E9AF1C768077A4831462D77EB057014AF01D58F69A7F5110A71E5BA4F028D97956799CDCE0AD
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370057816964993","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370057816964993","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):115717
                                          Entropy (8bit):5.183660917461099
                                          Encrypted:false
                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                          Malicious:false
                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):13425
                                          Entropy (8bit):5.280424798825041
                                          Encrypted:false
                                          SSDEEP:384:stQ+PGQSugsoFfhPFBqbGTQx6WzlaTYrb:slOXucFf7BqbGMxdaTY/
                                          MD5:C0BCCC53345EDA4C6EC8051D1EB4BB51
                                          SHA1:F9D4B2B1E881AE85D69C6BA401A43EEA1F69562E
                                          SHA-256:419ED5C5735B9F15D6A819AE517AC858837F336C2682034B73CA2F51330248D7
                                          SHA-512:59C326AF80E5D0BE20D03F006447AF104BEFEA1B5634B2541AE4F460FB00A43E350C91BC8F7C8E15A5521A39A58BD8E18EB78C3F699107EA54862DB74526ECE3
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370057817518204","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):33
                                          Entropy (8bit):3.5394429593752084
                                          Encrypted:false
                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):309
                                          Entropy (8bit):5.236023504789171
                                          Encrypted:false
                                          SSDEEP:6:PIdXLvM1923oH+Tcwtp3hBtB2KLllIdrVq2P923oH+Tcwtp3hBWsIFUv:PIjhYebp3dFLn0v4Yebp3eFUv
                                          MD5:2566A6456A53E4CE3C156B2548BE0029
                                          SHA1:0BC92D1D5B3173F32CD7D302E1109F431B4207D3
                                          SHA-256:510BE5384227E2AD534522178CAF8DFA214C3F9E1EC9A2E9876D7C279CB28CFA
                                          SHA-512:113131B0D339693308DB79AB1B5CAD5AC457C77F77AE0D91C895B6754E30ED9334023A0874482995BBF2C823C72EA2C03C37F4168F23DEAD842898D3C724B878
                                          Malicious:false
                                          Preview:2024/09/05-20:57:02.146 1dc4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/05-20:57:03.190 1dc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):2163821
                                          Entropy (8bit):5.222857565333289
                                          Encrypted:false
                                          SSDEEP:24576:v+/PN8FnfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Rfx2mjF
                                          MD5:9F9E4CFB0D08F1B293B00856B17801A9
                                          SHA1:2470A57527C9DACEA36B3BFA0FE7C76518E209BE
                                          SHA-256:3E179127D986FAD3D888E5E293103C4CA0DBBD0AC661185DAFEEC08049695438
                                          SHA-512:3A9826DE652A73DBE8984463E060650DCAE5499E5E3AB146A87DBC64D51C97072E50A416E8AF1D13F29B954294D61F7AC06C044730E3B7F71ACD5400557600B9
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):336
                                          Entropy (8bit):5.110694392542183
                                          Encrypted:false
                                          SSDEEP:6:PIdVLPHDM+q2P923oH+Tcwt9Eh1tIFUt82IdVLRFQgZmw+2IdVLdFQDMVkwO923A:PQPHDM+v4Yeb9Eh16FUt82QjQg/+2QHy
                                          MD5:4814042F52A425AA802CC12A6D8DFF07
                                          SHA1:9AAF80374F133E41E0ADEF378041E035E63D9CC8
                                          SHA-256:7D10B3AB9034B0AA59BA29F63A4189422C5C8A87FCF693E5D3FF13F120D27F0E
                                          SHA-512:1E483773AAF99B3A35D558EDD0FDFCCE3807E6952D8BBCDE1717D8534EC5BA6C6BA3C6BBB2FC81A63E52E841262132BFFC6FBC84A059FA5645BA44C07EC502D6
                                          Malicious:false
                                          Preview:2024/09/05-20:57:00.933 238c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/05-20:57:00.934 238c Recovering log #3.2024/09/05-20:57:00.938 238c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):336
                                          Entropy (8bit):5.110694392542183
                                          Encrypted:false
                                          SSDEEP:6:PIdVLPHDM+q2P923oH+Tcwt9Eh1tIFUt82IdVLRFQgZmw+2IdVLdFQDMVkwO923A:PQPHDM+v4Yeb9Eh16FUt82QjQg/+2QHy
                                          MD5:4814042F52A425AA802CC12A6D8DFF07
                                          SHA1:9AAF80374F133E41E0ADEF378041E035E63D9CC8
                                          SHA-256:7D10B3AB9034B0AA59BA29F63A4189422C5C8A87FCF693E5D3FF13F120D27F0E
                                          SHA-512:1E483773AAF99B3A35D558EDD0FDFCCE3807E6952D8BBCDE1717D8534EC5BA6C6BA3C6BBB2FC81A63E52E841262132BFFC6FBC84A059FA5645BA44C07EC502D6
                                          Malicious:false
                                          Preview:2024/09/05-20:57:00.933 238c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/05-20:57:00.934 238c Recovering log #3.2024/09/05-20:57:00.938 238c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):0.46532654605843743
                                          Encrypted:false
                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfB4r5K:TouQq3qh7z3bY2LNW9WMcUvB4
                                          MD5:D2065F942E5E2813DBF1ED26DD26D519
                                          SHA1:B03B4F04A46529892C2FB306F8C994CBB371DD6E
                                          SHA-256:811FA8FC1BDA0AC239F155D7D88911EB0609EAA8189A6F984A9E94274B9F77AE
                                          SHA-512:AD5992679BCDB94428B1B8448D9043928855D7DDBC1B6F9DEAF3CC088E38B7D72F1B4312CCA2F1C088EB7FA37D939CEEEB6C33A1B29F4891D4FAEC3D6E4D41BF
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                          Category:dropped
                                          Size (bytes):10240
                                          Entropy (8bit):0.8708334089814068
                                          Encrypted:false
                                          SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                          MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                          SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                          SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                          SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):636554
                                          Entropy (8bit):6.0127694795093625
                                          Encrypted:false
                                          SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                          MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                          SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                          SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                          SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):142
                                          Entropy (8bit):5.068909017288791
                                          Encrypted:false
                                          SSDEEP:3:xll/38E28xp4m3rscUSXQTk9qMUPGkjlf+nETPxpK2x7L8KFunLtPQF:B38D8xSEsIXGkmV+n0PxEWHFeJc
                                          MD5:8951F6398E0B286669A79E69FAC885F2
                                          SHA1:E55E0F88D19D4E3F3E6BBBC765D6C5E86BD55E06
                                          SHA-256:12F4DC4D9DBAC57E560C85E7745EA0B386E00AFD9F2AEEA02EBE5EDDF488B920
                                          SHA-512:C98F2870C419B817890B05A879006C087A90E5EDDFA00B8E73FD4AF69E6792B9BEE678236DD6D2B2AEF39D4F9CEC909056A5A2576AEEB3823D83E253C47F45F6
                                          Malicious:false
                                          Preview:j..9................BLOOM_FILTER_EXPIRY_TIME:.1725670624.293054.m.*G................BLOOM_FILTER_LAST_MODIFIED:.Thu, 05 Sep 2024 23:31:15 GMT
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):636529
                                          Entropy (8bit):6.012178686683981
                                          Encrypted:false
                                          SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                          MD5:D06FF4898FA4B70F70844C78C74E85F1
                                          SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                          SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                          SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                          Malicious:false
                                          Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):5.227528201570055
                                          Encrypted:false
                                          SSDEEP:12:PIv4Yebn9GFUt82t1/+285LYebn95Z9lkAMWf0nknMWfr1K2kWSh:i4Yeb9ig8KgLYeb9zWXFkIh
                                          MD5:3AE68CF0F8C40B113073D2B69BEC146D
                                          SHA1:D3AC3F7F8BE1E12577AE88B8076821749BFE93E1
                                          SHA-256:2EEF640F4113781D225E83C4EEF3E0FD92A73FB7D0133054FDF93D5AE4EFF20A
                                          SHA-512:0A1A3512B80A1A89CD932D7F26464D5EA9B1CCE3B92C2A01CE2A0CDC3139BE1223D8F3EB48EB827BB6B520671ED89BD0121342FACC6B0040CF4E6873116B5580
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.032 1e10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-20:56:57.034 1e10 Recovering log #3.2024/09/05-20:56:57.035 1e10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-20:57:04.352 1dc8 Level-0 table #5: started.2024/09/05-20:57:04.416 1dc8 Level-0 table #5: 636529 bytes OK.2024/09/05-20:57:04.417 1dc8 Delete type=0 #3.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):5.227528201570055
                                          Encrypted:false
                                          SSDEEP:12:PIv4Yebn9GFUt82t1/+285LYebn95Z9lkAMWf0nknMWfr1K2kWSh:i4Yeb9ig8KgLYeb9zWXFkIh
                                          MD5:3AE68CF0F8C40B113073D2B69BEC146D
                                          SHA1:D3AC3F7F8BE1E12577AE88B8076821749BFE93E1
                                          SHA-256:2EEF640F4113781D225E83C4EEF3E0FD92A73FB7D0133054FDF93D5AE4EFF20A
                                          SHA-512:0A1A3512B80A1A89CD932D7F26464D5EA9B1CCE3B92C2A01CE2A0CDC3139BE1223D8F3EB48EB827BB6B520671ED89BD0121342FACC6B0040CF4E6873116B5580
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.032 1e10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-20:56:57.034 1e10 Recovering log #3.2024/09/05-20:56:57.035 1e10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-20:57:04.352 1dc8 Level-0 table #5: started.2024/09/05-20:57:04.416 1dc8 Level-0 table #5: 636529 bytes OK.2024/09/05-20:57:04.417 1dc8 Delete type=0 #3.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):103
                                          Entropy (8bit):5.287315490441997
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                          MD5:BBF990808A624C34FC58008F69BE5414
                                          SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                          SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                          SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.6146164793382022
                                          Encrypted:false
                                          SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWbEDZ2zzMAR:TLapR+DDNzWjJ0npnyXKUO8+jsXpm9mL
                                          MD5:CEFAE135F316B20ACF1CA5B93C406912
                                          SHA1:64B14542BD260A640D14B43BC2300190A54E8CE5
                                          SHA-256:13BA04FAEA77A32A1DCEAE69613652425DF8BD398D37B5B6BEA840EE626BC31F
                                          SHA-512:950372229B1090A711F65F82A5D24AE5DC5150A1D80FFDEC775346E8F75DC18AB71440F9C3C8AFD501CE59F3CDC4CAE8880A3944A01D88DBA30D10B45FEC4C79
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):375520
                                          Entropy (8bit):5.354149607689512
                                          Encrypted:false
                                          SSDEEP:6144:mA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:mFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                          MD5:DF0248C463B1F721B1A4AF388FB1B8EB
                                          SHA1:3C154494631A1E04E7CFAFB32F09020098D2CAEE
                                          SHA-256:98F69D82D0A087B5DDE2FD73BA7B9FCEA7F41E7315DDE6A17BFB745653611D07
                                          SHA-512:A366DB1428AF1CEF247CA4BFC05AA9CAB87E5B7C8711B0CCD5FC994B664D157E09847C8C6DF2244A1096C89CFF4E35C6954E320F0F15DCCBA3D3447E40FBBABA
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370057822280539..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):5.166365980250582
                                          Encrypted:false
                                          SSDEEP:6:PIdAFQvFB1923oH+Tcwtk2WwnvB2KLllIdgJq2P923oH+Tcwtk2WwnvIFUv:P/FQOYebkxwnvFLnVv4YebkxwnQFUv
                                          MD5:2B66C48061185A40B91B867A3216BADB
                                          SHA1:60036C1E6014C7625ADE70172D900688A4C1D0DD
                                          SHA-256:9477AE5A2581D4DDD4CE624EC33E9AF6F0218E0EB03F408BFA06C229AC93B25A
                                          SHA-512:BF0B1905B6E2BA16D79653B16EC356E32D76FA44CA7266E927F4D5C1337AF132C160145A2580A7E8BA009F4DE7EA444A4310F8C9ED5BBFEF51A3D7C961AB7FFA
                                          Malicious:false
                                          Preview:2024/09/05-20:57:01.521 23b0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-20:57:01.619 23b0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):358860
                                          Entropy (8bit):5.324625683024354
                                          Encrypted:false
                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R5:C1gAg1zfvB
                                          MD5:5B27B7B190520B5D86549124F5D6FA9B
                                          SHA1:DF0274C314298072F0145C309E689021FBD21BAB
                                          SHA-256:9F782A68F1F0B33CDFEF684DE60DFE662CECA881FC64134DCC6169C7EFC051C0
                                          SHA-512:612A40BBAC04E0B291DA63F763C0040108B666B2999A7391CCD4AE23FF361FE16550FBEB8660170E39CE472D478DA716227EAB3E7F36C5B2F5877DD27300D1FC
                                          Malicious:false
                                          Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):418
                                          Entropy (8bit):1.8784775129881184
                                          Encrypted:false
                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):324
                                          Entropy (8bit):5.1714893656711896
                                          Encrypted:false
                                          SSDEEP:6:PIX1N+q2P923oH+Tcwt8aPrqIFUt82IcHZZmw+2IcHNVkwO923oH+Tcwt8amLJ:P4+v4YebL3FUt82ZHZ/+2ZHz5LYebQJ
                                          MD5:8586F7816CF6D9BAF9764EBCE2D3DEA1
                                          SHA1:A58F31B25EF4DD58043F31C889BECED193AB85CD
                                          SHA-256:38E24B710A600467105F124E943B7D3DAE52E0A00F29D0898F2EB410696ADB24
                                          SHA-512:AB6B4AC65BCC26AB61218113D7D7D3D19FC7B1662390696D886E91D98B52B2B11D171739DBDD0DC1C3B35FE6F9CBD2C5F73B1D191524247D81FA3C9C8D43C8CD
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.140 1e08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/05-20:56:57.145 1e08 Recovering log #3.2024/09/05-20:56:57.145 1e08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):328
                                          Entropy (8bit):5.170595708913938
                                          Encrypted:false
                                          SSDEEP:6:PI41Uo3+q2P923oH+Tcwt865IFUt82I4wHZmw+2I46FNVkwO923oH+Tcwt86+ULJ:Pp/Ov4Yeb/WFUt82pwH/+2p25LYeb/+e
                                          MD5:B499F3A6BD4E567B18B138CA308361E1
                                          SHA1:55AA65D02F0798F13943DA6AB42A827343E189B4
                                          SHA-256:832AE09F470EFB5AAF56CE381C36E3049C2B818C7448060C00AD16250A11370C
                                          SHA-512:BAE9BF40EE413FFE4404A850D9A0579054C1B8019D844B8DE70BB138BBC2697C39EBAF819F96D8A7C070719CFC5DFD1934C9CD7996956FEA5A06D7B2F525C65A
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.208 1e08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/05-20:56:57.209 1e08 Recovering log #3.2024/09/05-20:56:57.210 1e08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1254
                                          Entropy (8bit):1.8784775129881184
                                          Encrypted:false
                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                          MD5:826B4C0003ABB7604485322423C5212A
                                          SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                          SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                          SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):324
                                          Entropy (8bit):5.193728993468792
                                          Encrypted:false
                                          SSDEEP:6:PI8s+q2P923oH+Tcwt8NIFUt82I8XFrWZmw+2I8XFuVkwO923oH+Tcwt8+eLJ:Pts+v4YebpFUt82tJW/+2t0V5LYebqJ
                                          MD5:5C4052C529B552710BEF45C90A9936E6
                                          SHA1:1381A62DE05565F94C397F1F94B2B5FB14565AFE
                                          SHA-256:F2615501DE86F6AF1B3C4D9FB7A24DFB5C741C66B5E7713C1BF45BC319D80EE0
                                          SHA-512:8F27EBB49C98C27135420E07CF71C62DE4AE64A7F66E2BEFA587FD5E5587DF41C0B50072B1D4066997A8C3CDBFC917126B17F944FAD0F644322973E5E05B9C05
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.679 1dcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-20:56:57.680 1dcc Recovering log #3.2024/09/05-20:56:57.680 1dcc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):429
                                          Entropy (8bit):5.809210454117189
                                          Encrypted:false
                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                          Malicious:false
                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):2.4410596525987054
                                          Encrypted:false
                                          SSDEEP:96:0BCyFzRunelS9nsH4/AztcyuuoKw/OR8p:mN1APsHXzCyPo1/Oa
                                          MD5:9069A30E74595C9A57C8625B10D14F11
                                          SHA1:2953E1DA33E281A1FB363A0EBBC22AC83639F893
                                          SHA-256:605D1B994907AAA88B610DDA2E008952CB16A04D5AC24081802565F074EBA4CA
                                          SHA-512:AF9E8F03D5A081A5731763B22C15B5F92CFDBEE45C1938E9325666A0702EBEDB728BF629591A4570332855B54F8EB7CEB27A8554A1B6EBE5100B0A29F19E9F8A
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):155648
                                          Entropy (8bit):0.6758269952294969
                                          Encrypted:false
                                          SSDEEP:96:UR5ES8WyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEm0YRM:UHr1hH+bDo3iN0Z2TVJkXBBE3ybJe
                                          MD5:462CF07C667C27A2323C18F889BEF632
                                          SHA1:FB823FA001C215AAED20A822A630456EE7504D50
                                          SHA-256:C52FB8880B223B9BFBC49CE710ABD64A4817B4A4F51B0F7DD1807B4FBD452D8B
                                          SHA-512:8A6B6EC59408F0749D1A86FF5B4DCD4C0C5139D64CAC791AAB6A78C9D64647562432C895846F5EC1BD3686B35E8B8C37F88E39031AB40743A3D1704D5375E1ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8720
                                          Entropy (8bit):0.21801331613199856
                                          Encrypted:false
                                          SSDEEP:3:bvtFlljq7A/mhWJFuQ3yy7IOWUF94dweytllrE9SFcTp4AGbNCV9RUI+:g75fOTud0Xi99pEYI
                                          MD5:8811E1567CACDA33C5D931F1A0E5AC1F
                                          SHA1:466FE770008FC35872790B2449254CDE148698B7
                                          SHA-256:4B24743B02F1D911296177FFA6BB555774CE829D56C41063BEB30FAD0566137C
                                          SHA-512:E32BAB2B768D47AA50348A51523BAD5C84B5185BD3A2486A897AEE8E8AC88134446AEEE20AE09E4E8F91DC5D3F3246CAA3768E3194964363DA1BA0BCFFB7ED82
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):115717
                                          Entropy (8bit):5.183660917461099
                                          Encrypted:false
                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                          Malicious:false
                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):3.6478159536749155
                                          Encrypted:false
                                          SSDEEP:384:aj9P0SQkQerkjlxP/KbtLcg773pLIRKToaA9gam6Iqhf:adFe2mlxP/Ng7WRKcca9
                                          MD5:FDCF230194D35AD103900CD54684264F
                                          SHA1:F2DC76F880CAA3757F7ED9BB767265BB9400E6C0
                                          SHA-256:B989FF77C56FC9C093AD35D0F8938044CD1A8CA329C978967391CE1BAEEF4E5C
                                          SHA-512:F1BF7D5C2CE3C21CCD1A39A340895ACB00068DD1FA133A6D794443B7CE2A57EDF93EBF8CAC632247302924C1A8EC5AC6A33E5658BE079857E8DF740D1C8AD49B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):408
                                          Entropy (8bit):5.262785458687401
                                          Encrypted:false
                                          SSDEEP:12:P1qv4Yeb8rcHEZrELFUt821j/+21U5LYeb8rcHEZrEZSJ:NQ4Yeb8nZrExg8eReLYeb8nZrEZe
                                          MD5:D52C98B89F0E8CD348C06FD8E7EEB2EF
                                          SHA1:A53075ED5AF9A863356DA47DAD55881F4BAAD2C3
                                          SHA-256:7139A5B71F84C498D4E927637C22035D09C40FABCC10B404681C06E198C4E313
                                          SHA-512:7052189F9ABCD7E6A25EA48AEFC553F560168BBB0ED50059A3A1013A2806DF2E6D59808424162E2950218E26AFEFFCA3086CD26A6D375AE846D8F0A16FA5FCEE
                                          Malicious:false
                                          Preview:2024/09/05-20:56:59.552 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-20:56:59.552 1dc8 Recovering log #3.2024/09/05-20:56:59.553 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):336
                                          Entropy (8bit):5.172130938223715
                                          Encrypted:false
                                          SSDEEP:6:PIVQyq2P923oH+Tcwt8a2jMGIFUt82I7FCG1Zmw+2I5FaSSQRkwO923oH+Tcwt8N:PMVv4Yeb8EFUt821G1/+2YFaVI5LYebw
                                          MD5:716D88218931339DA0AD0B4696AC87F9
                                          SHA1:4048196D52B4FBC67F2BC6DD743A5CCB542F8460
                                          SHA-256:FB02DF39B83CC058918A5B325ADDA0D019F87B91F8D179C8A5A918C9C45263DB
                                          SHA-512:1BA18EFF93A546B847A9AE9CF72C222C5894A05CEAA4943C41B623451787CC8C75477858FBA2E5C8898DBF4F4B5994753397FA82ADC100DEAD2D4AB3E7D3E869
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.934 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-20:56:57.935 1f30 Recovering log #3.2024/09/05-20:56:57.937 1f30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):24576
                                          Entropy (8bit):0.4041342921984993
                                          Encrypted:false
                                          SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5Isxde:TxKX0wxORAmA/U1cEB5Isxde
                                          MD5:601C2E8724059C231E9199F973EE0CCD
                                          SHA1:743B66D5B39C0B691356BB12B481A27F4D6F3DA5
                                          SHA-256:FBD11DC3143DEC89FEAAAD5FD0D11BE79F6BB1966441A8145CA8A483AEF0E82A
                                          SHA-512:D6ED27CDFFA0AEB030173FB8267983C9ADEE78AB0C3B5895C513CC6F5649E539633AF3705B20C142ACC472397127C936346E194A2F66ADDFF0134FF4B4EAE173
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):188
                                          Entropy (8bit):5.3031978933892345
                                          Encrypted:false
                                          SSDEEP:3:YWRAWNjYtpVIVlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZ6bp7a:YWyWNs0lBv31dB8wXwlmUUAnIMp5k97a
                                          MD5:808465487BD6D7B997778A0E90C71D0B
                                          SHA1:3E180538F84836B4333A8203FAD08E0B138099A7
                                          SHA-256:AC147450169F1267CDF98AC18DF3AE63323D503CD83625F893A0B4F84EE48A66
                                          SHA-512:93A8569FA50883AD29AB20C5693275E226B5639E1FE982FCFCCA7D8C568554F430F02DD62F52B4D3FFFB1646451A393D405AB2CA33DF7A0A8A043BB6038AB93B
                                          Malicious:false
                                          Preview:{"sts":[{"expiry":1757120288.003758,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725584288.003764}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2917
                                          Entropy (8bit):5.317583206000029
                                          Encrypted:false
                                          SSDEEP:48:YcgCzsH1tstfc7leeEsVVgsNJC5sfaZkEs94RsRT+HQsNYsv+HGRCbx9+:Fe22kexV1J3aZkR4m4FP4GwV9+
                                          MD5:085938D85ACCA5C31F565A3237881FC9
                                          SHA1:266872D4AA2609248ACD96AB6CEA07872E723F77
                                          SHA-256:2E8935B33C016DB5F9893A4CF07A1928D71A460FF1067143220FFEEC0749D222
                                          SHA-512:ABECE8B05D432C8B4C95A1B948EDE6C9A9D0C8CB474A25692972F65F231E6795EAA556D10653B0AE70CE00095BD0D70E76894E0DAC33EFDAC7FCBEBAEA357DF7
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372649819273606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372649821162796","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372649823035760","port":443,"protocol_str":"quic"}],"anonymizatio
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):1.0855273173290139
                                          Encrypted:false
                                          SSDEEP:48:T2dKLopF+SawLUO1Xj8Bnj89pQ50m3AwpBrOFyPr:ige+AuB0m3AwbVr
                                          MD5:358555042CBD5C636D06E35FBC118ECF
                                          SHA1:E2FDDB01027D5DFCA2A811B3C2A13EE16D74DCE1
                                          SHA-256:201627957B707E9A87F6D38288A5DAECD2224F4AC178C151B21E7EA61AA899C1
                                          SHA-512:C87475F5E9FDE61F2E33B37CB9E4AFA4B8A1BCB70755FE8372D7CC431B6D0F895B09456C8AE803F5E7DE8E69C92F640B32142CE204159D715B744EFB26094D0A
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2917
                                          Entropy (8bit):5.317745391597062
                                          Encrypted:false
                                          SSDEEP:48:YcgCzsH1tstfc7leeEsVVgsNJC5sfaZkEs94RsRT+HQsNYsv+HGRCbxo+:Fe22kexV1J3aZkR4m4FP4GwVo+
                                          MD5:9C1362F9FBFA0725552629953ACC34D4
                                          SHA1:3F845665AFDBAE59281D1059B05835A31BFAB9F6
                                          SHA-256:577F3B6E56E8DEFB27DF98C8650B4E1A281FD3E107472B134A2092212717B67B
                                          SHA-512:F98A2E581BBE73E1BF37925EA02514D3B72DA14ABCA4A9FDDAC889C70E2E4A200F389BCD1E7DBDC48502A403A2F3FD8235D9DD9383D5EC6373BD9B40AF878865
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372649819273606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372649821162796","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372649823035760","port":443,"protocol_str":"quic"}],"anonymizatio
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):1.330705200933492
                                          Encrypted:false
                                          SSDEEP:96:uIEumQv8m1ccnvS6sDo2dQF2YQ9UZT1BRVkI:uIEumQv8m1ccnvS6Z282rUZTfd
                                          MD5:0EE572CBD8F0A6322D2B13B4C0B71277
                                          SHA1:62B168460BD96DC1B70835D8DE27C07911402D3E
                                          SHA-256:3AD16075D732D969106CF04F370D0115193905363B40C89C39437837775455EF
                                          SHA-512:5A6B440F1521B72B4E44E6CA84A8A9EE480695B2E6BBA84BCE669104CF83425148AC79A8377C697E131D936D3607B86F6180EF7F021E534A45307C0254DB0DDE
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):4.1275671571169275
                                          Encrypted:false
                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                          MD5:20D4B8FA017A12A108C87F540836E250
                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                          Malicious:false
                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):188
                                          Entropy (8bit):5.27239674966054
                                          Encrypted:false
                                          SSDEEP:3:YWRAWNjYtIcdCs7TPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZwR/:YWyWNs2cAs7TBv31dB8wXwlmUUAnIMpU
                                          MD5:3F47606D4272854B8B9A2AD5239A71F4
                                          SHA1:CF564B2CED3ED22E7564BCCB90FABFB4DF4BE3D7
                                          SHA-256:A38C157389D2896C030D0BD9F4E139F1D8BBF0CEC6D665125F1C35ADFA445BD3
                                          SHA-512:7E67AC0E1350B661E5E6B6AD48218108CDBE3B5C3FE515D70432370D02EE3EE27BC0191AA9C7E832671092FB38F8725E6DA1A9B78A0D354ADE413FDD0BD3C452
                                          Malicious:false
                                          Preview:{"sts":[{"expiry":1757120227.980697,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725584227.980702}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.7391107375212417
                                          Encrypted:false
                                          SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isvhldvd0dtdjiG1d6XfN:TLSOUOq0afDdWec9sJAhvlXI7J5fc
                                          MD5:A74BFDCBFB880F469AD54BEF7B1B0C88
                                          SHA1:0012DD82FEB43839A30557EAF9E8DB2EB7259142
                                          SHA-256:63DFF3D10BF10F8F5326776956AF6DE1463CF0A14792C4451D4A76EFA1BF4BA2
                                          SHA-512:203FC220BF05344052340CCC6F77233669C200FDC6596EEE6F5D1E2203328D7D116BF07DE664D1D60EA2CD96F006406A9F0A2035BFAA86C93A103193E6EA4583
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):12642
                                          Entropy (8bit):5.206250452572271
                                          Encrypted:false
                                          SSDEEP:192:stQ+J99QTryDigabatSuyHsoPtsZihUk03i8ybV+FUsQA66WgaFIMYIPoqYJ:stQ+PGKSugsoFfhLbGTQx6WgaTYrb
                                          MD5:55231BF929DA3275DACEDAEF15BAA73C
                                          SHA1:E1AE86A1F01269AC67E0EFB515FA40AE9A4EA1FE
                                          SHA-256:D4EFA66DEF49D2354FE1D08B0C51D91E136A8D38AFD565E43A1498CD63AEE6D6
                                          SHA-512:DBD7B7DF426E034EA8AD3C055B482E4BA913A5F04F211AF361EDC1937B60098E9B1BFB88FE0959932BE3297EDCAAF7849D928DB0876CF2DBE26EE0BFE36BE34B
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370057817518204","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):402
                                          Entropy (8bit):5.682356243507244
                                          Encrypted:false
                                          SSDEEP:6:iptA86ntFgj6GEvZdOE6GEiL6IX6GEXCXrDVRR6GE2afRU72EASJKSIpO6gfK/bJ:T86ntFJThwTQqTSvbcTle72EAaIM6Ak
                                          MD5:D41E0DBE362B6EC9D2E2835985040679
                                          SHA1:0682571F5C2D8BF780DF37F296D0615224EB77D3
                                          SHA-256:67D1F600AA6B5F6104F20A16BBFBBD9BEA0FAA348E3023874E75815AE129A70E
                                          SHA-512:E30C72DF671418ADF2D7254EB56C2F5DE50129A8714DA2165908B34E6C503A47E8BA8F75058B21677E81DDCDFC79DB1A862497920A5DA67465E1C2A2363B67C9
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1....j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13370057828094533..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):309
                                          Entropy (8bit):5.177883678090514
                                          Encrypted:false
                                          SSDEEP:6:PIdu2Xndms1923oH+TcwtgctZQInvB2KLllIdg3+q2P923oH+TcwtgctZQInvIF2:PrLBYebgGZznvFLnMv4YebgGZznQFUv
                                          MD5:46B9934AB2D3E5CD51E79F50E618CCAA
                                          SHA1:855AB42A7D5C785F6525D6B131AD570D41F0C6B2
                                          SHA-256:DC7D95D03E3F150147CA608DF164CBC498DBE6B199A4CEEC732010C214D655F5
                                          SHA-512:FC521E48D440CF9429038162EE3C03AAA931F54220103F436BA6C4709EFBBF7DE1F3D1DF86403779E5ACFC2B83858C360C00CE00F031952D20F942755662C562
                                          Malicious:false
                                          Preview:2024/09/05-20:57:07.157 24d8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/05-20:57:07.301 24d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):35272
                                          Entropy (8bit):5.556991644065754
                                          Encrypted:false
                                          SSDEEP:768:MAxX+tWPUGfDM8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZXUgIrwR/beqKpRtuJ:MAxX+tWPUGfDMu1jaMkgZR/bb0ty
                                          MD5:913A24C194CE9BB0738FB71A626F38FD
                                          SHA1:3E04BB6D52DBAB91B2A7EA45B18FF6D09161B44F
                                          SHA-256:144B96ECDA03BEE290F6C858F182D898616C6BA13D350A2797F3838B2B65400E
                                          SHA-512:8A32D028ED962F7808142CBF8F835F7A8B64A0411171A426B73681C96D392C02A3F595D75AAC0E5E66F65FAFD94A64F4923BCE1CB79CFEED18E9B0F2841E6696
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370057816964993","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370057816964993","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):440
                                          Entropy (8bit):4.591518233943704
                                          Encrypted:false
                                          SSDEEP:12:S+a8ljljljljlIUqQ++CWQ3qQ7nGz3A/XkAvkAvkAv:Ra0ZZZZIUN+9N7G0Xk8k8k8
                                          MD5:520A4D2D4274633D169A3991F8023189
                                          SHA1:EEEAED1C86349EC4EF9BD7E619F8706D1AB8C2C0
                                          SHA-256:814C75A2364F2617A62B8E37E865A34AA2DAC2E838CE3678D174E1E8308CD46E
                                          SHA-512:01B9F349F9FC73127442BFD15F4C8A3660E9C3A0F8DE95C536502044AF4216BB881B9146938D16D1F844A635C7762BE72DAD92E84B0ED26A4645B1E8B1D4EDC5
                                          Malicious:false
                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............uy..j................next-map-id.1.Knamespace-29f04415_447f_490f_888c_1c1caca24f47-https://accounts.google.com/.0...|k................next-map-id.2.Lnamespace-29f04415_447f_490f_888c_1c1caca24f47-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):324
                                          Entropy (8bit):5.1425129646100265
                                          Encrypted:false
                                          SSDEEP:6:PIOVSQyq2P923oH+TcwtrQMxIFUt82IaG1Zmw+2ITVQRkwO923oH+TcwtrQMFLJ:P/VSVv4YebCFUt82fG1/+2QVI5LYebtJ
                                          MD5:31696CDF048E094C8BFC1297641B05C7
                                          SHA1:36B7888626A1784B68A36349879E3D08D7C7624A
                                          SHA-256:21DCC950CB6933D27A38DFBAC938070E79F6202B1074A18A5F4F92B180E0B961
                                          SHA-512:8C3A8AD2422A8E527B1097D02F253B91C9492924DA274F5E346420CE3BFBB9B161D112B707FB5D128EE9E2D3435D569739AD3A09D3A80A635F321D63CB7F5165
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.923 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-20:56:57.924 1f30 Recovering log #3.2024/09/05-20:56:57.927 1f30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8853
                                          Entropy (8bit):4.116452460637418
                                          Encrypted:false
                                          SSDEEP:192:3kvRx3PwWKOEt3PwWsHe/qq3PwWSt3fR:0vnwWgVwWrnwWStJ
                                          MD5:CE9FBC1186623751E0DFC7AC890CA32B
                                          SHA1:861B15ACFDD5F60160D0A243D45B0B9A15A2823E
                                          SHA-256:5EF53282FA0314C8EF28AC739B47467F1081206F265406042FEF86092C51058F
                                          SHA-512:7FE88B98F5A9CB8F62E1F3E38E8FC0A2500F9A676F6177E7DB8762C96D14509D77BB4746BC74CDFC3D8F0C88ED23F94FC95C030ADAA7B051358C2D37DA4D627A
                                          Malicious:false
                                          Preview:SNSS..........'..............'......"...'..............'..........'..........'..........'....!.....'..................................'...'1..,......'$...29f04415_447f_490f_888c_1c1caca24f47......'..........'..................'......'..........................'....................5..0......'&...{98952893-68FF-4A5D-A164-705C709ED3DB}........'..............'..................'o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64.......................'..................'o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.....
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.44194574462308833
                                          Encrypted:false
                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):352
                                          Entropy (8bit):5.135455570805032
                                          Encrypted:false
                                          SSDEEP:6:PI64p+q2P923oH+Tcwt7Uh2ghZIFUt82I6/ZZmw+2I6/NVkwO923oH+Tcwt7Uh2w:PPv4YebIhHh2FUt82zZ/+2zz5LYebIh9
                                          MD5:791DC7E787EDF9B919106CAD983463F0
                                          SHA1:085377CBA76CEE9434325E6CF5AED5DB624EE7E6
                                          SHA-256:3DE82526642FAF8FD2EDED83198A5FD16E51FE80DAAA837D7E4BD6A992513AED
                                          SHA-512:5A5B5616C6D19BF9D2ACA38519D2C835E284888FE89F73239028A84A5A55B37723ACB4547C4FBE933F204F940A956D215792C72E11DAAAEE15369A25F32503CE
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.014 1e08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-20:56:57.015 1e08 Recovering log #3.2024/09/05-20:56:57.015 1e08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):0.0012471779557650352
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):434
                                          Entropy (8bit):5.254987061572623
                                          Encrypted:false
                                          SSDEEP:12:PGVv4YebvqBQFUt82pG1/+24II5LYebvqBvJ:Q4YebvZg8z69LYebvk
                                          MD5:27FDCFC7E2E94BE3475A9A0D3567E6D3
                                          SHA1:DC356CE6881EDB1E7A9FA231DDD6B159FCB981FB
                                          SHA-256:92F7C939A9C8A7F0AC4C8BDAE3BDE29040BFD8BB8629E78CB99E35DD6605762A
                                          SHA-512:8BFBEF3C77812EC2FDC514E9653907D0B6656100485EFE94CCAA093252D88325DA40BBA5796120190B894B632BD51BB370DF7A4BD3E567C2AFE1A092ECF1AB4C
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.947 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-20:56:57.948 1f30 Recovering log #3.2024/09/05-20:56:57.951 1f30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):4.1275671571169275
                                          Encrypted:false
                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                          MD5:20D4B8FA017A12A108C87F540836E250
                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                          Malicious:false
                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):144
                                          Entropy (8bit):4.842082263530856
                                          Encrypted:false
                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                          MD5:ABE81C38891A875B52127ACE9C314105
                                          SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                          SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                          SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):144
                                          Entropy (8bit):4.842082263530856
                                          Encrypted:false
                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                          MD5:ABE81C38891A875B52127ACE9C314105
                                          SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                          SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                          SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):0.3886039372934488
                                          Encrypted:false
                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):80
                                          Entropy (8bit):3.4921535629071894
                                          Encrypted:false
                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                          MD5:69449520FD9C139C534E2970342C6BD8
                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                          Malicious:false
                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):422
                                          Entropy (8bit):5.2199810645016
                                          Encrypted:false
                                          SSDEEP:12:P7VVv4YebvqBZFUt822VG1/+2yI5LYebvqBaJ:zn4Yebvyg8yJLYebvL
                                          MD5:AE9D4073DDAA8E4B4F0936038D57384E
                                          SHA1:EF4108EB27695031B20A3925B69292BA581361AB
                                          SHA-256:014D800B49DF940C2352185CAB8541CDF36EA8087B21759829B7CA3B41B5ED6D
                                          SHA-512:C24132FEF73056FA3E87014522EF6C93EB43A8A2FFEA4283623891D4FDBF8E5EE980BA3DB39EDF4ABF4BCF71572AC8AB8A23B3453C1F596AA3051C5372087D03
                                          Malicious:false
                                          Preview:2024/09/05-20:57:14.294 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-20:57:14.305 1f30 Recovering log #3.2024/09/05-20:57:14.312 1f30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):328
                                          Entropy (8bit):5.2318319276257625
                                          Encrypted:false
                                          SSDEEP:6:PI6qQQ+q2P923oH+TcwtpIFUt82I6sQgZmw+2I6iQQVkwO923oH+Tcwta/WLJ:PGov4YebmFUt82M/+225LYebaUJ
                                          MD5:0DE31C54D2BCE86135E99E0C28A6579D
                                          SHA1:466978C7D1003E2FF066007F71DACC8FE72413FC
                                          SHA-256:A7FDC4E7B5081B74C0F5991C246E0F59C321BEFC165F9B74C49E94DD7B79C53A
                                          SHA-512:566A03D0F046D4B71948D04C8A813B2D880CD693AB89CE88F4FF56617EB244627A9F6129CE0CC6A935A04DCABCF2126F5CCF2256A5386281338BC17A564DA0A9
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.059 1df8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-20:56:57.071 1df8 Recovering log #3.2024/09/05-20:56:57.077 1df8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):131072
                                          Entropy (8bit):0.005561402189070063
                                          Encrypted:false
                                          SSDEEP:3:ImtVF+R5I/hXaXI/X+c1t:IiVEYB4
                                          MD5:3A1B68C0678420F1B9EA948A35C7E02E
                                          SHA1:AD2FD897B8AAB76A37144DC2FE7A47B05F9478CC
                                          SHA-256:DDD0E84B803B710BB231C91160C21CD9DF22D173A094D041A265A7F01611F065
                                          SHA-512:7794D2942A0B78F97F005D432F3E193255AE4BF04385398426858288FF8DCBDCF89135F3AAF77F9F897483B3DEC62A500D320E92E0007BC1B46BD94860E91F30
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                          Category:dropped
                                          Size (bytes):196608
                                          Entropy (8bit):1.2653278439861795
                                          Encrypted:false
                                          SSDEEP:384:8/2qOB1nxCkMdtSAELyKOMq+8yC8F/YfU5m+OlTLVumz:Bq+n0JH9ELyKOMq+8y9/Owo
                                          MD5:0CB0FBF9A60449674C45D316339DCA80
                                          SHA1:AF2BF48CBCE52EF11C9CFF81A14C09F9364EF44D
                                          SHA-256:8BB921E4545E237419247CAFDB6E1DA0D5C950FC1390E3CEEE9C3DDFEE5065F4
                                          SHA-512:C0AB51E5205A97CC9132006F8A78FA97067C5A2F89DA76182D0B026421BFE1AF0B9098F25BA6BC275C4BA6A455D12412BC3F9D9A1A0C0D3061005C6955B7639A
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):14336
                                          Entropy (8bit):1.412747974697398
                                          Encrypted:false
                                          SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgZ2RyYoKce2RyYouxj/:ftSjGhp22iSZRAZRz
                                          MD5:27A142DA73BAA785476BEB02C6B7753A
                                          SHA1:37B0CF1A4120A9804E3B6CA252DC9788D2104E82
                                          SHA-256:6D9277E125B849A2061610CDFD2957AE4E507A108FAB09D754D88D6388F663BB
                                          SHA-512:4C6AEAE01201BBB92E15A446946BCEEAE4EEBBFFDEAADA47019AEC22110F959DE12E3C7E51CD7A26925F5CFE4C2C97CF77E8C447A77C2EE1A8324DBD110E4F5F
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.41235120905181716
                                          Encrypted:false
                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):13425
                                          Entropy (8bit):5.280439689610464
                                          Encrypted:false
                                          SSDEEP:384:stQ+PGQSugsoFfhPFBqbGTQx6WWlaTYrb:slOXucFf7BqbGMxsaTY/
                                          MD5:31134D9983B3E21EDA4752E573F31E74
                                          SHA1:F125D9A03DC50E8B9C1066FC79AB0320BA64835B
                                          SHA-256:6053FA2D0910EBDF71D3CF7D79050D3BF744EA842D071C41115EAEE2412A3A78
                                          SHA-512:5CDD7D73E82C41C71FDAD00D1E2362C14A7FE78356EB6848CA57BB0CA01E5975786954ADA4B74B3EBB036174193BEE1246FA15E1F664C7E91DC4990DADDDA831
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370057817518204","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):35272
                                          Entropy (8bit):5.556991644065754
                                          Encrypted:false
                                          SSDEEP:768:MAxX+tWPUGfDM8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZXUgIrwR/beqKpRtuJ:MAxX+tWPUGfDMu1jaMkgZR/bb0ty
                                          MD5:913A24C194CE9BB0738FB71A626F38FD
                                          SHA1:3E04BB6D52DBAB91B2A7EA45B18FF6D09161B44F
                                          SHA-256:144B96ECDA03BEE290F6C858F182D898616C6BA13D350A2797F3838B2B65400E
                                          SHA-512:8A32D028ED962F7808142CBF8F835F7A8B64A0411171A426B73681C96D392C02A3F595D75AAC0E5E66F65FAFD94A64F4923BCE1CB79CFEED18E9B0F2841E6696
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370057816964993","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370057816964993","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11755
                                          Entropy (8bit):5.190465908239046
                                          Encrypted:false
                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                          Malicious:false
                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):0.3410017321959524
                                          Encrypted:false
                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):13260
                                          Entropy (8bit):5.282798253496965
                                          Encrypted:false
                                          SSDEEP:192:stQ+J99QTryDiuabatSuyHsoPtsZihPFUu7k03i8ybV+FUsQA66WgaFIMYIPoqYJ:stQ+PGQSugsoFfhPFBqbGTQx6WgaTYrb
                                          MD5:6254D897F6DB75ABBB016B670391472E
                                          SHA1:14BC40135AFF1CCD28C0F1845AD9186E4574EBF1
                                          SHA-256:1A29D96528BDB9D127891F520E7B30EC5F931709140041A906AF671B4EE612C4
                                          SHA-512:B9A0D3A4EACBAFA9FF52D68D53DC7E139B1E7725E5022358249075388276E99D1F813FDC11C0111F33387C2025BCD780A4AAAA1D2FEFC468CBAABCFECAC33ABB
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370057817518204","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):12642
                                          Entropy (8bit):5.206250452572271
                                          Encrypted:false
                                          SSDEEP:192:stQ+J99QTryDigabatSuyHsoPtsZihUk03i8ybV+FUsQA66WgaFIMYIPoqYJ:stQ+PGKSugsoFfhLbGTQx6WgaTYrb
                                          MD5:55231BF929DA3275DACEDAEF15BAA73C
                                          SHA1:E1AE86A1F01269AC67E0EFB515FA40AE9A4EA1FE
                                          SHA-256:D4EFA66DEF49D2354FE1D08B0C51D91E136A8D38AFD565E43A1498CD63AEE6D6
                                          SHA-512:DBD7B7DF426E034EA8AD3C055B482E4BA913A5F04F211AF361EDC1937B60098E9B1BFB88FE0959932BE3297EDCAAF7849D928DB0876CF2DBE26EE0BFE36BE34B
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370057817518204","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.11604637301347259
                                          Encrypted:false
                                          SSDEEP:12:Wt2LILt2mpEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtbLtToPnnnnnnnnnnnnnnnvN3zd
                                          MD5:22E9EF70E138621B0E9CCD92AE8619E8
                                          SHA1:30CEA7C578C701DF6A05C9FB59A6F89151C2141C
                                          SHA-256:9DD8C57E20B2EC7FB0D059DE078D6527120038C3B9ED2ECF712CCC202C8A3EC3
                                          SHA-512:7ABEF696C8991E713DE5D579708A339390702D5D203C715A56D1A0F4E2418EC50C600A65CB368375EA53DF140A2F679400B6CCB558F975F96811A16575D992FD
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite Write-Ahead Log, version 3007000
                                          Category:dropped
                                          Size (bytes):383192
                                          Entropy (8bit):1.0817833398317478
                                          Encrypted:false
                                          SSDEEP:192:jt7/02b2oMqvQEECHHpi0Z7qTZ9or0LQo3/0y1oLa5I/05/7oLlI/0MKoIMSWlIQ:G2jHJi0ZWQO6RqIAQa12CWGTjT24
                                          MD5:9B6DAC7A5E2317612305F275B7B76BE0
                                          SHA1:0F27A6E1BA76AD2B50BCA4BE470EC4C39319A691
                                          SHA-256:A09722EB8B00C3B8C03FA66B17387A23184F4B048BEC457D043CC44E5C5A565F
                                          SHA-512:C5E4016F61374A2397E89DA09B34B83D0381AFAA32B1D6D3FA925CC481BFEFAA0F33A5126B45C9E4F1BBE8807423D323135951FB3A525EDBB9983DD1504816C4
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):723
                                          Entropy (8bit):3.2114925046731697
                                          Encrypted:false
                                          SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuua8y3:iD
                                          MD5:C93B32F035A0E3FD64DE1700E1B1AF41
                                          SHA1:B559C40599F8DBFC506D55C8AAC6D0B1DD3C3D0F
                                          SHA-256:30AF43E35C78F6780CAFE1EB57EE56483D28B9EB511AA90798765D5363A1B9F0
                                          SHA-512:853098730405006FA8E4FCC1DD095E4D834B0505AC5FB7C8F04AC288AE038A163E48313F92CB0EC3FAFA0A5B3F2E666321967073C3A428F4279ADB62DB4BE271
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):324
                                          Entropy (8bit):5.2377573382536164
                                          Encrypted:false
                                          SSDEEP:6:PIH84q2P923oH+TcwtfrK+IFUt82IH8JZmw+2IVDkwO923oH+TcwtfrUeLJ:Pc84v4Yeb23FUt82c8J/+2uD5LYeb3J
                                          MD5:6CEEDE9955359DAC87F893992DA8D506
                                          SHA1:32F487EE3C149B65EC3642D2F572C6A14056A68E
                                          SHA-256:3EB1BF5FDC32CD63BFAF60F3DBE24C8B4652F7662B9BB9D05FCDC93C86640E33
                                          SHA-512:BAB5FA0957FFC975594511293851698044D3212ACAFD20B7CC5B95B39421E985404DBDF5EB8DE81AA9A93B735AF1663DFE56762494A078DD69C8C66B7AD86D9E
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.573 1df4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/05-20:56:57.573 1df4 Recovering log #3.2024/09/05-20:56:57.574 1df4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):787
                                          Entropy (8bit):4.059252238767438
                                          Encrypted:false
                                          SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                          MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                          SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                          SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                          SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):342
                                          Entropy (8bit):5.215267661735972
                                          Encrypted:false
                                          SSDEEP:6:PIH2N+q2P923oH+TcwtfrzAdIFUt82IwWZmw+2IHVkwO923oH+TcwtfrzILJ:Pcu+v4Yeb9FUt829W/+2wV5LYeb2J
                                          MD5:0FA5F5802BB17073A44BA5DB9BE6187E
                                          SHA1:85D504668592D8DB26F4BD649384B54A62E547EA
                                          SHA-256:92428E5D5A14374978C0BF65339E8B36C1C9700A593FCC7B65E83E8F7CD1EAE7
                                          SHA-512:132A9CEF7125981BB94131D2D9477CFD121B80DCB31A7CDEAE6597DE90BFEEC3F8955F8C9F7503AA0102D2AE898C5F283F43E4E8D567F97CAFB2DDA7497C312E
                                          Malicious:false
                                          Preview:2024/09/05-20:56:57.573 1dcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/05-20:56:57.574 1dcc Recovering log #3.2024/09/05-20:56:57.574 1dcc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):120
                                          Entropy (8bit):3.32524464792714
                                          Encrypted:false
                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                          MD5:A397E5983D4A1619E36143B4D804B870
                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                          Malicious:false
                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):13
                                          Entropy (8bit):2.7192945256669794
                                          Encrypted:false
                                          SSDEEP:3:NYLFRQI:ap2I
                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                          Malicious:false
                                          Preview:117.0.2045.47
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):44137
                                          Entropy (8bit):6.090715793362919
                                          Encrypted:false
                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMLwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynET6mtbz8hu3VlXr4CRo1
                                          MD5:DD63FCB72074D2C0F82286E3F11F7CBA
                                          SHA1:4ED5A70EEE12E25ACA35552C787C69637A6A63AA
                                          SHA-256:8114947890FD1244BB9E4E80CCAED2A733E2F5CE4485B88B7E51F09A617F9D8B
                                          SHA-512:505660156458586F58DB2F0FDCEB68662211339FD83060DE64B67073E7CADCB88E2AC325CB5A24927AD9551C5BDF3E5F71043F4D13251D2C51BD78B62BA05497
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5963118027796015
                                          Encrypted:false
                                          SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                          MD5:48A6A0713B06707BC2FE9A0F381748D3
                                          SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                          SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                          SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2031121
                                          Entropy (8bit):4.001535139479347
                                          Encrypted:false
                                          SSDEEP:49152:LgPY2N/MR+DgVFIlq6hhN7X4VrgKk+lzlVSa4YVxeUOolPKRayAH09bnwBXQ0a/Z:i
                                          MD5:7F4CBC7E09250B5D99FB95AE1BE8E67D
                                          SHA1:689B2E06B3B98270B156048A8620DE7213C07A4F
                                          SHA-256:DE95A59EAF1374E5D39D2E4D4BD06B6C81B19BB9AAF175580F595106639C3F74
                                          SHA-512:0F8B8F190F656E208F6D5050909ED1A4BEB6D7C27EDD1AE77CFEB19F753A135CB8DAF93ED4139FEF27B53F83EA87B8B243465B15303DDBF1CE280EDAA700AFE6
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):47
                                          Entropy (8bit):4.3818353308528755
                                          Encrypted:false
                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                          MD5:48324111147DECC23AC222A361873FC5
                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                          Malicious:false
                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):35
                                          Entropy (8bit):4.014438730983427
                                          Encrypted:false
                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                          Malicious:false
                                          Preview:{"forceServiceDetermination":false}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):50
                                          Entropy (8bit):3.9904355005135823
                                          Encrypted:false
                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                          Malicious:false
                                          Preview:topTraffic_170540185939602997400506234197983529371
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):575056
                                          Entropy (8bit):7.999649474060713
                                          Encrypted:true
                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):86
                                          Entropy (8bit):4.3751917412896075
                                          Encrypted:false
                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                          MD5:16B7586B9EBA5296EA04B791FC3D675E
                                          SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                          SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                          SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                          Malicious:false
                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):45974
                                          Entropy (8bit):6.087910662199865
                                          Encrypted:false
                                          SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4JoaEHUhDO6vP6OwCK6l0ej+EZxVQavCAowGoup1Xl3jVb:mMGQ5XMB+oas6QRoyavRowhu3VlXr4Q
                                          MD5:1C52B76A6BB8748331EAAD5188A94AAC
                                          SHA1:4EAC5B64D4F985CCBE1E5E9D4848AC9D3E3E6645
                                          SHA-256:689DF1AF813C068741A35CCB5E4A1F9F298CB1856E6E1A1B84C551B5AD131BC5
                                          SHA-512:C4512703969B88487E8E0FDC6CDD3E735B0E8E3EF48F53568B22909FDA176E33C9199A58A37BD779E75272E07F67D7F05CD35278A1DB64FE9F5C635AB0350B57
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):45974
                                          Entropy (8bit):6.0879090102038935
                                          Encrypted:false
                                          SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4J9aEHUhDO6vP6OwCK6l0ej+EZxVQavCAowGoup1Xl3jVb:mMGQ5XMB+9as6QRoyavRowhu3VlXr4Q
                                          MD5:4D0AC809613EF03516747BD3B8E3BAAA
                                          SHA1:9452FB7BAADED4EF872262BDD5FB023D1B1DFC69
                                          SHA-256:F093C784A3C57936CA6D423FAE8B8B6198CA2260C3E637052E37D7706CAF73AF
                                          SHA-512:1C8E8FC637B4104A041758C533688D3A15D9DB74F4BC65886ADA55EBCEECD552782D59F6D5BB35D832BBA83F09DE8762D3A236E8EA5781A5322A886E70D7DB64
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):45897
                                          Entropy (8bit):6.08796529429035
                                          Encrypted:false
                                          SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4n9aEHUhDO6vP6OwCK6l0ej+EZxVQavCAowGoup1Xl3jVb:mMGQ5XMBG9as6QRoyavRowhu3VlXr4Q
                                          MD5:777A00846E42B86253BE3295C0E2A436
                                          SHA1:108C927DCEF9FC704F5E5947EB4CC73E95AC72CB
                                          SHA-256:7F38E5811F0EC1338DDD518F158EED33733B92B9AAB0D3C184F0EE5251E2F648
                                          SHA-512:54C4F89C3E1E728491440DCE50C977AEC8F853E05D8E1E528B06A1A51D3C2F8519249EE880C699D14C872215CB50B0BA65B5762A04F39BE712005EE9D3BD9356
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):44652
                                          Entropy (8bit):6.0966990811479205
                                          Encrypted:false
                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB1wu3hDO6vP6OwCK6l0ej+EZxcGoup1Xl3jVzXr4z:z/Ps+wsI7yOEw6QRochu3VlXr4CRo1
                                          MD5:E43EF76B98E7393EE0593FF7F575D3F8
                                          SHA1:62360E691601593FC32E49AE37C278EDAD2F6DB6
                                          SHA-256:43A8DA9B8005B18DACA015C4F397C537190664C9E39D7D85AA2D8C0753790BC9
                                          SHA-512:770A692070FD7384E3DE5E42ECA39E5FF497C90C76AD216E8F24ED96A64E46BED55B24577B0B78DA50FE9D57F1CB809BF7DC076EED1E0904B1B8152883FE0D0A
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2278
                                          Entropy (8bit):3.838382435132131
                                          Encrypted:false
                                          SSDEEP:48:uiTrlKxrgxuxl9Il8u5RuOUdVl2zCrwmlr7l9ZRpyd1rc:mvY/RuZdP2zC9zZRP
                                          MD5:3BF461E2AB41C9A1E282598EC5CF85CD
                                          SHA1:72F28EB0471D7158237917C58D827D3D96028B33
                                          SHA-256:54916925BDEE5F4CF438E79F0518D4C18BF6E300801D4E42EDC7C6697DC987A3
                                          SHA-512:FAC93E0C4F7801742600E591BC4C73C968A6222B56C4DBA09C05AA16BEDE4D8CDD8102652F4695F2BC60B19D7AD4C3142ADDB869BBC4308C82C19D9CF5E25764
                                          Malicious:false
                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.O.c.L.D.w.A.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n./.x.8.6.M.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4622
                                          Entropy (8bit):4.001941570227596
                                          Encrypted:false
                                          SSDEEP:96:BYiTwQ7PchRZF5McQdmGdfvxRgbKeiTNZV0YtBysX:BRTwQDch/FzQd04NZVdX
                                          MD5:A57662A01B27D3E979317A89688A4903
                                          SHA1:B791909550796D93CBF0F71B612BA02383AE2A98
                                          SHA-256:42089DC8B0064DEB3A79C75AA682FE8DA404658295A43F0E3154CDDE13A6881D
                                          SHA-512:32C49E83188BAD6226300CBA5CC10910892DD3DAFE161C716BEB6A841961F78ABD6D90024DC6B763D8F8964C9DB81DC880B75B1E0676F5D20C4D1F9A840942E9
                                          Malicious:false
                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".F.0.5.V.9.f.f./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.x.K.Q.d.1.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                          Category:dropped
                                          Size (bytes):206843
                                          Entropy (8bit):7.983950356843833
                                          Encrypted:false
                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEIs:l81Lel7E6lEMVo/S01fDpWmEgfS
                                          MD5:88455860BD65014561DF9AB11A22A409
                                          SHA1:31DCA5BFACC933D6BF9F39FBC9C84C2B9FDE202E
                                          SHA-256:DC3CA85CDB8D358E8D383BB0CB6FEA37697DDCEE48380E7C79BD7AD01ED789FB
                                          SHA-512:7FE8A5FBF0C92BE1665C9529F3C4D549D0F3D77597B7543C8BEBC44E91AA4877323B00E7FFAA329C06BA635C8D37F38760DDBE1AD998E39E0C117E2D699C886A
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                          Category:dropped
                                          Size (bytes):76321
                                          Entropy (8bit):7.996057445951542
                                          Encrypted:true
                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                          MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                          SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                          SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                          SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693860
                                          Category:dropped
                                          Size (bytes):524328
                                          Entropy (8bit):7.99817772840175
                                          Encrypted:true
                                          SSDEEP:12288:UftGKcGDwmyu0bCD7gX1OHjz/H9mf+x4AsLXZ+E70G8OlmP6:UFNAmx1njzPO+x4AsLXZbx8OJ
                                          MD5:E8D3BE59D6D80F482C39F0CBBB7E2CA9
                                          SHA1:008CDA5E0E2433C641DB642B1E4AEBDB228BF8AD
                                          SHA-256:236E6BD4386F8C309A1C61C1E97EBD942DA4CA05BE57EDCF23BB77F8FEF6407B
                                          SHA-512:0C419F59ED7C77EF1DD71533A886D59CA4A8CE9899C6B44AD2144035482C9CFDDFB7471AA70E2262A4240B4E0C74CFE5E287EEF8ABD6E6DA1A29DAE3AEB08B27
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2110
                                          Entropy (8bit):5.401246370386553
                                          Encrypted:false
                                          SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrt:8e2Fa116uCntc5toYCauM
                                          MD5:CBFF0525475C5C17D0C38DDB73A4BE33
                                          SHA1:711AA506A3AB2C853B8BD346B6F0979FFB32D0FE
                                          SHA-256:90E23BA75859D67D6E04F365620E8F4B366822B93149A64E45609FD1B4D6336B
                                          SHA-512:5AC1A04AA6664FE69BA44AF1F4F9E8A5F8FAE32B47A270224E14CB04DC2F0E3FB5298E734C71A399E194901DC8145B1F0EE64E8EE668EBD52A71A059AE062AD6
                                          Malicious:false
                                          Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):135751
                                          Entropy (8bit):7.804610863392373
                                          Encrypted:false
                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):11185
                                          Entropy (8bit):7.951995436832936
                                          Encrypted:false
                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.4593089050301797
                                          Encrypted:false
                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                          MD5:D910AD167F0217587501FDCDB33CC544
                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                          Malicious:false
                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):4982
                                          Entropy (8bit):7.929761711048726
                                          Encrypted:false
                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):908
                                          Entropy (8bit):4.512512697156616
                                          Encrypted:false
                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1285
                                          Entropy (8bit):4.702209356847184
                                          Encrypted:false
                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1244
                                          Entropy (8bit):4.5533961615623735
                                          Encrypted:false
                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):977
                                          Entropy (8bit):4.867640976960053
                                          Encrypted:false
                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                          MD5:9A798FD298008074E59ECC253E2F2933
                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3107
                                          Entropy (8bit):3.535189746470889
                                          Encrypted:false
                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1389
                                          Entropy (8bit):4.561317517930672
                                          Encrypted:false
                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1763
                                          Entropy (8bit):4.25392954144533
                                          Encrypted:false
                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):930
                                          Entropy (8bit):4.569672473374877
                                          Encrypted:false
                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):913
                                          Entropy (8bit):4.947221919047
                                          Encrypted:false
                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):806
                                          Entropy (8bit):4.815663786215102
                                          Encrypted:false
                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                          Malicious:false
                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):883
                                          Entropy (8bit):4.5096240460083905
                                          Encrypted:false
                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1031
                                          Entropy (8bit):4.621865814402898
                                          Encrypted:false
                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                          MD5:D116453277CC860D196887CEC6432FFE
                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1613
                                          Entropy (8bit):4.618182455684241
                                          Encrypted:false
                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):851
                                          Entropy (8bit):4.4858053753176526
                                          Encrypted:false
                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):851
                                          Entropy (8bit):4.4858053753176526
                                          Encrypted:false
                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):848
                                          Entropy (8bit):4.494568170878587
                                          Encrypted:false
                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1425
                                          Entropy (8bit):4.461560329690825
                                          Encrypted:false
                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                          Malicious:false
                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):961
                                          Entropy (8bit):4.537633413451255
                                          Encrypted:false
                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):959
                                          Entropy (8bit):4.570019855018913
                                          Encrypted:false
                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                          MD5:535331F8FB98894877811B14994FEA9D
                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):968
                                          Entropy (8bit):4.633956349931516
                                          Encrypted:false
                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):838
                                          Entropy (8bit):4.4975520913636595
                                          Encrypted:false
                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                          Malicious:false
                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1305
                                          Entropy (8bit):4.673517697192589
                                          Encrypted:false
                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):911
                                          Entropy (8bit):4.6294343834070935
                                          Encrypted:false
                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):939
                                          Entropy (8bit):4.451724169062555
                                          Encrypted:false
                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):977
                                          Entropy (8bit):4.622066056638277
                                          Encrypted:false
                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):972
                                          Entropy (8bit):4.621319511196614
                                          Encrypted:false
                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):990
                                          Entropy (8bit):4.497202347098541
                                          Encrypted:false
                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1658
                                          Entropy (8bit):4.294833932445159
                                          Encrypted:false
                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1672
                                          Entropy (8bit):4.314484457325167
                                          Encrypted:false
                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):935
                                          Entropy (8bit):4.6369398601609735
                                          Encrypted:false
                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1065
                                          Entropy (8bit):4.816501737523951
                                          Encrypted:false
                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2771
                                          Entropy (8bit):3.7629875118570055
                                          Encrypted:false
                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):858
                                          Entropy (8bit):4.474411340525479
                                          Encrypted:false
                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):954
                                          Entropy (8bit):4.631887382471946
                                          Encrypted:false
                                          SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                          MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                          SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                          SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                          SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                          Malicious:false
                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):899
                                          Entropy (8bit):4.474743599345443
                                          Encrypted:false
                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2230
                                          Entropy (8bit):3.8239097369647634
                                          Encrypted:false
                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1160
                                          Entropy (8bit):5.292894989863142
                                          Encrypted:false
                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3264
                                          Entropy (8bit):3.586016059431306
                                          Encrypted:false
                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3235
                                          Entropy (8bit):3.6081439490236464
                                          Encrypted:false
                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3122
                                          Entropy (8bit):3.891443295908904
                                          Encrypted:false
                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1880
                                          Entropy (8bit):4.295185867329351
                                          Encrypted:false
                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                          MD5:8E16966E815C3C274EEB8492B1EA6648
                                          SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                          SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                          SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1042
                                          Entropy (8bit):5.3945675025513955
                                          Encrypted:false
                                          SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                          MD5:F3E59EEEB007144EA26306C20E04C292
                                          SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                          SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                          SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2535
                                          Entropy (8bit):3.8479764584971368
                                          Encrypted:false
                                          SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                          MD5:E20D6C27840B406555E2F5091B118FC5
                                          SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                          SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                          SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1028
                                          Entropy (8bit):4.797571191712988
                                          Encrypted:false
                                          SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                          MD5:970544AB4622701FFDF66DC556847652
                                          SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                          SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                          SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):994
                                          Entropy (8bit):4.700308832360794
                                          Encrypted:false
                                          SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                          MD5:A568A58817375590007D1B8ABCAEBF82
                                          SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                          SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                          SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2091
                                          Entropy (8bit):4.358252286391144
                                          Encrypted:false
                                          SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                          MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                          SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                          SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                          SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2778
                                          Entropy (8bit):3.595196082412897
                                          Encrypted:false
                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1719
                                          Entropy (8bit):4.287702203591075
                                          Encrypted:false
                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):936
                                          Entropy (8bit):4.457879437756106
                                          Encrypted:false
                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3830
                                          Entropy (8bit):3.5483353063347587
                                          Encrypted:false
                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                          MD5:342335A22F1886B8BC92008597326B24
                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1898
                                          Entropy (8bit):4.187050294267571
                                          Encrypted:false
                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):914
                                          Entropy (8bit):4.513485418448461
                                          Encrypted:false
                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):878
                                          Entropy (8bit):4.4541485835627475
                                          Encrypted:false
                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2766
                                          Entropy (8bit):3.839730779948262
                                          Encrypted:false
                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):978
                                          Entropy (8bit):4.879137540019932
                                          Encrypted:false
                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):907
                                          Entropy (8bit):4.599411354657937
                                          Encrypted:false
                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):914
                                          Entropy (8bit):4.604761241355716
                                          Encrypted:false
                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):937
                                          Entropy (8bit):4.686555713975264
                                          Encrypted:false
                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                          MD5:BED8332AB788098D276B448EC2B33351
                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1337
                                          Entropy (8bit):4.69531415794894
                                          Encrypted:false
                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2846
                                          Entropy (8bit):3.7416822879702547
                                          Encrypted:false
                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):934
                                          Entropy (8bit):4.882122893545996
                                          Encrypted:false
                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):963
                                          Entropy (8bit):4.6041913416245
                                          Encrypted:false
                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1320
                                          Entropy (8bit):4.569671329405572
                                          Encrypted:false
                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                          MD5:7F5F8933D2D078618496C67526A2B066
                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):884
                                          Entropy (8bit):4.627108704340797
                                          Encrypted:false
                                          SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                          MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                          SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                          SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                          SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):980
                                          Entropy (8bit):4.50673686618174
                                          Encrypted:false
                                          SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                          MD5:D0579209686889E079D87C23817EDDD5
                                          SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                          SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                          SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1941
                                          Entropy (8bit):4.132139619026436
                                          Encrypted:false
                                          SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                          MD5:DCC0D1725AEAEAAF1690EF8053529601
                                          SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                          SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                          SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1969
                                          Entropy (8bit):4.327258153043599
                                          Encrypted:false
                                          SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                          MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                          SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                          SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                          SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1674
                                          Entropy (8bit):4.343724179386811
                                          Encrypted:false
                                          SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                          MD5:64077E3D186E585A8BEA86FF415AA19D
                                          SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                          SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                          SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1063
                                          Entropy (8bit):4.853399816115876
                                          Encrypted:false
                                          SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                          MD5:76B59AAACC7B469792694CF3855D3F4C
                                          SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                          SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                          SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1333
                                          Entropy (8bit):4.686760246306605
                                          Encrypted:false
                                          SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                          MD5:970963C25C2CEF16BB6F60952E103105
                                          SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                          SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                          SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1263
                                          Entropy (8bit):4.861856182762435
                                          Encrypted:false
                                          SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                          MD5:8B4DF6A9281333341C939C244DDB7648
                                          SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                          SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                          SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1074
                                          Entropy (8bit):5.062722522759407
                                          Encrypted:false
                                          SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                          MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                          SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                          SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                          SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):879
                                          Entropy (8bit):5.7905809868505544
                                          Encrypted:false
                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1205
                                          Entropy (8bit):4.50367724745418
                                          Encrypted:false
                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):843
                                          Entropy (8bit):5.76581227215314
                                          Encrypted:false
                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):912
                                          Entropy (8bit):4.65963951143349
                                          Encrypted:false
                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                          Malicious:false
                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):11280
                                          Entropy (8bit):5.754230909218899
                                          Encrypted:false
                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                          MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                          SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                          SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                          SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                          Malicious:false
                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):854
                                          Entropy (8bit):4.284628987131403
                                          Encrypted:false
                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                          Malicious:false
                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2525
                                          Entropy (8bit):5.417689528134667
                                          Encrypted:false
                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                          MD5:10FF8E5B674311683D27CE1879384954
                                          SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                          SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                          SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                          Malicious:false
                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:HTML document, ASCII text
                                          Category:dropped
                                          Size (bytes):97
                                          Entropy (8bit):4.862433271815736
                                          Encrypted:false
                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                          Malicious:false
                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (4369)
                                          Category:dropped
                                          Size (bytes):95567
                                          Entropy (8bit):5.4016395763198135
                                          Encrypted:false
                                          SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                          MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                          SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                          SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                          SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):291
                                          Entropy (8bit):4.65176400421739
                                          Encrypted:false
                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                          Malicious:false
                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (4369)
                                          Category:dropped
                                          Size (bytes):103988
                                          Entropy (8bit):5.389407461078688
                                          Encrypted:false
                                          SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                          MD5:EA946F110850F17E637B15CF22B82837
                                          SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                          SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                          SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):135751
                                          Entropy (8bit):7.804610863392373
                                          Encrypted:false
                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1753
                                          Entropy (8bit):5.8889033066924155
                                          Encrypted:false
                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                          Malicious:false
                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                          Category:dropped
                                          Size (bytes):9815
                                          Entropy (8bit):6.1716321262973315
                                          Encrypted:false
                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                          Malicious:false
                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                          Category:dropped
                                          Size (bytes):10388
                                          Entropy (8bit):6.174387413738973
                                          Encrypted:false
                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                          Malicious:false
                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):962
                                          Entropy (8bit):5.698567446030411
                                          Encrypted:false
                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                          Malicious:false
                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):11185
                                          Entropy (8bit):7.951995436832936
                                          Encrypted:false
                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                          Category:dropped
                                          Size (bytes):453023
                                          Entropy (8bit):7.997718157581587
                                          Encrypted:true
                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                          MD5:85430BAED3398695717B0263807CF97C
                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3621
                                          Entropy (8bit):4.9274346034100995
                                          Encrypted:false
                                          SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNyq9L1xE:8S+OVPUFRbOdwNIOdYpjvY1Q6LQr8P
                                          MD5:1F0DB7178284B900E90CE4B5C78EED22
                                          SHA1:C0341D45DA1632D336A79C7C1A8EE85C122DBB98
                                          SHA-256:18CA58D5B8B7DFA4E4C3627599676ACFC51766637E324065250649CECC995BA3
                                          SHA-512:081957B925D45E5FE3B3649013EE6AC6C2E4B3E28BC48E428698C19769D116069625595A8DB30927244780E8E2B99BEFE396941D5AC56A560CC9B9115BADF608
                                          Malicious:false
                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                          Category:dropped
                                          Size (bytes):5308
                                          Entropy (8bit):6.599374203470186
                                          Encrypted:false
                                          SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                          MD5:EB56C2F4DA9435F3D5574161F414CD17
                                          SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                          SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                          SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                          Malicious:false
                                          Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):24
                                          Entropy (8bit):3.91829583405449
                                          Encrypted:false
                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                          Malicious:false
                                          Preview:{"schema":6,"addons":[]}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):262144
                                          Entropy (8bit):0.04905141882491872
                                          Encrypted:false
                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                          Category:dropped
                                          Size (bytes):66
                                          Entropy (8bit):4.837595020998689
                                          Encrypted:false
                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                          Malicious:false
                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):36830
                                          Entropy (8bit):5.1867463390487
                                          Encrypted:false
                                          SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                          MD5:98875950B62B398FFE70C0A8D0998017
                                          SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                          SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                          SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                          Malicious:false
                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.017262956703125623
                                          Encrypted:false
                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):1021904
                                          Entropy (8bit):6.648417932394748
                                          Encrypted:false
                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                          MD5:FE3355639648C417E8307C6D051E3E37
                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Joe Sandbox View:
                                          • Filename: file.exe, Detection: malicious, Browse
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):116
                                          Entropy (8bit):4.968220104601006
                                          Encrypted:false
                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                          Malicious:false
                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.035699946889726504
                                          Encrypted:false
                                          SSDEEP:3:GtlstFM5eWbyiPlstFM5eWbydlllT89//alEl:GtWtO5RTWtO5R4lL89XuM
                                          MD5:158A64B4FAAA2F6454C32BE141BA7F14
                                          SHA1:DA84C2FAB505AE8EDB0443A132A719A74FE03CE1
                                          SHA-256:40D432E63C6541A9CEB6C0D144E4C210FEC76BEAB813434796B38E4ED3B809FA
                                          SHA-512:244667039AA4E9099E2E786844FE9C7FC3F3406FB3265D80982DC9D797330918E22B4B9B3C5B153CB73CC58E7C183BEEAF9A024324FFF43B0ED8739CC3F20C18
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite Write-Ahead Log, version 3007000
                                          Category:dropped
                                          Size (bytes):32824
                                          Entropy (8bit):0.03998118428817617
                                          Encrypted:false
                                          SSDEEP:3:Ol1FF2WCQne2lfEpj5Vl8rEXsxdwhml8XW3R2:KpxCkujLl8dMhm93w
                                          MD5:423FB13D43E072D28BE5E3A4BF35BA7D
                                          SHA1:C6A97A2A23BFF5FFC59841DDF712A5ACE4DBF81B
                                          SHA-256:2CC4AE1571F5A421D590D1C7DE3E4816790C54440FD319FE90792BE40CF062EC
                                          SHA-512:2FA4A8C922883F88321CFDCAFBDFAB1104227468BEDCF386E5AD43D145236E8CD60BB7EE48A9C3E296C74EDAA6200A1765A51B814A0C3A3E3E7611370E1F982D
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13187
                                          Entropy (8bit):5.478995729671046
                                          Encrypted:false
                                          SSDEEP:192:W/AyL2/6EnPOeRnLYbBp6lkJ0aX+HN6SEXKzzNQG5RHWNBw8dWSl:LDenJU0aJHHEwJ0
                                          MD5:32DA8700A8269AFB14B9F9A6C3550793
                                          SHA1:743AEDC9572F12BEB60F6BB20630C3DD4139200D
                                          SHA-256:46DF3AF0964FD737B48DD43641867C8977D3AD93CC73690849F427A0E18FDB7A
                                          SHA-512:F1D3A7EF1975FC3A82C77A8B625E7BFC7CAA3CC7DFE5BDA688EFB5A1728C8B909E02CD528A25CF7F2A4A79804F8EDAD8C4AF2700F2CF19F98344F64A49F6B54D
                                          Malicious:false
                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725588781);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725588781);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1725588781);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172558
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):0.04062825861060003
                                          Encrypted:false
                                          SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                          MD5:60C09456D6362C6FBED48C69AA342C3C
                                          SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):493
                                          Entropy (8bit):4.963461140947952
                                          Encrypted:false
                                          SSDEEP:12:YZFgcB2SeKGJiuIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YXhP0iuSlCOlZGV1AQIWZcy6ZXvx
                                          MD5:91CED6CD33A47E22E61AC5BBDE0E614A
                                          SHA1:D64CB16AC11D5C345D9F02894E3BBC88AA76F3D0
                                          SHA-256:F80EB4CC218B1165BC562BF6F37139EBC6483EC58720527ABE06AEF9B74DAA50
                                          SHA-512:459FB99BF96B925EBDEBEA33098EEBD17DFFFBCE326E19858890DDD5C45D12AB195B3FEB5BB23531A46FE9809E00F2AB1390CAABCD3D7B0629F0C72ABE20E411
                                          Malicious:false
                                          Preview:{"type":"health","id":"7acd69d4-5ddb-4051-a04b-37a25393e230","creationDate":"2024-09-06T02:13:32.871Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):493
                                          Entropy (8bit):4.963461140947952
                                          Encrypted:false
                                          SSDEEP:12:YZFgcB2SeKGJiuIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YXhP0iuSlCOlZGV1AQIWZcy6ZXvx
                                          MD5:91CED6CD33A47E22E61AC5BBDE0E614A
                                          SHA1:D64CB16AC11D5C345D9F02894E3BBC88AA76F3D0
                                          SHA-256:F80EB4CC218B1165BC562BF6F37139EBC6483EC58720527ABE06AEF9B74DAA50
                                          SHA-512:459FB99BF96B925EBDEBEA33098EEBD17DFFFBCE326E19858890DDD5C45D12AB195B3FEB5BB23531A46FE9809E00F2AB1390CAABCD3D7B0629F0C72ABE20E411
                                          Malicious:false
                                          Preview:{"type":"health","id":"7acd69d4-5ddb-4051-a04b-37a25393e230","creationDate":"2024-09-06T02:13:32.871Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):90
                                          Entropy (8bit):4.194538242412464
                                          Encrypted:false
                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                          Malicious:false
                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Mozilla lz4 compressed data, originally 5946 bytes
                                          Category:dropped
                                          Size (bytes):1597
                                          Entropy (8bit):6.359497559075484
                                          Encrypted:false
                                          SSDEEP:48:fpR5S3+zeUGvxFynSMYge35pL2NoY2j7egbtPD:FsmUbySMZe3tYMim9D
                                          MD5:7114097CEFFD6A0DD7DAB0625E54BC87
                                          SHA1:77E56A3D1AE8039AC79256B337724B6ED656F030
                                          SHA-256:8582ED879B01D9A14DA685AAA672860EEB81241DFBDED9EDEC4AD734D30FEE53
                                          SHA-512:1DBB94BD11BFEDB1BD9589E41106E2DD0621182D91D544C9DF0945445D587CBF215CC490289DCE66B94AC20846F2DA216899DE8BBA6A4F106FB6EDB27EE423C6
                                          Malicious:false
                                          Preview:mozLz40.:.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":7,"docshellUU...D"{4c0950f2-602b-40c5-9ed4-e4bf10ee3aef}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":8,"persist":true}],"lastAccessed":1725588787762,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."normal"...BeforeMinimiz...#..workspace4...98952893-68ff-4a5d-a164-705c709ed3db","z>..1...W...f...........4....1":{..mUpdate...startTim..P49813...centCrash..B0},".....Dcook+. ho]..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..`"taarI'.bsecure...,..Donly..fexpiry..
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                          Category:dropped
                                          Size (bytes):4096
                                          Entropy (8bit):2.0836444556178684
                                          Encrypted:false
                                          SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                          MD5:8B40B1534FF0F4B533AF767EB5639A05
                                          SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                          SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                          SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):4537
                                          Entropy (8bit):5.029991458102834
                                          Encrypted:false
                                          SSDEEP:96:ycfMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:aTEr5NX0z3DhRe
                                          MD5:70ED32F8F958C41DBF025BCBC603196A
                                          SHA1:885EE54EA3DC2FEF42FBC2FAB19F0E4348E41131
                                          SHA-256:7F4978B687D8D55858EBE5B5415978C7DBCBBBC5D4DD7A61AB9DF77BDEBFAEDD
                                          SHA-512:3B80EDECF4BD189BA77353BEFFAEB0DF41048F1EC28344DF1F7C7B3394953736B7DB2D6B789245D612E4BB872FF95650F3E824FEE2659109F77377A349A50A7A
                                          Malicious:false
                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-09-06T02:12:53.714Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):138
                                          Entropy (8bit):4.508320854687134
                                          Encrypted:false
                                          SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJ8KgfHVEBQulvhJBAuqRrHvN+M4fHhY:YGNTG/SJ8Kgf1Epv54rH0vHhY
                                          MD5:3D077488383DEAFEC70CCB166831D6F9
                                          SHA1:86CEAB4DE0AA8937A5AB50CE230C8F8335687B04
                                          SHA-256:D7AD2ADEBD1FD25B9A749DF2AF8E8FC4185CBBDDF321C07D07FD34C240FDE8CE
                                          SHA-512:C70A8F7D761DAFA78F38335B4714376C1348C7C781E3D6C98E93481A3469EE5E34D3AA10F4D78C1C48C8CB5C903677E8A74A733299150F8EB3996A64979FF51B
                                          Malicious:false
                                          Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"sizemode":"normal","screenX":"4","screenY":"4","width":"1164","height":"891"}}}
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):6.57959621311506
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:file.exe
                                          File size:917'504 bytes
                                          MD5:4a647aa681909bc4be4a392f39383151
                                          SHA1:cdaf58d4742cfb50ebd37c079562d8c714167638
                                          SHA256:2782b25644d705939d9b5f0138b2c6a45c9b82238154ada115307dc3e98cc76b
                                          SHA512:28f6196d6d5994a349e9f10693ca27752f842deec3cea90621e4f35dc39ae2b106d16098e14d7a25252c4852a1402fb0f7fc5ddd3b7d60341f0a4195e50e95c6
                                          SSDEEP:12288:rqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarT3:rqDEvCTbMWu7rQYlBQcBiT6rprG8av3
                                          TLSH:5E159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                          Icon Hash:aaf3e3e3938382a0
                                          Entrypoint:0x420577
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x66DA52D3 [Fri Sep 6 00:54:43 2024 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:5
                                          OS Version Minor:1
                                          File Version Major:5
                                          File Version Minor:1
                                          Subsystem Version Major:5
                                          Subsystem Version Minor:1
                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                          Instruction
                                          call 00007FF040E6FD53h
                                          jmp 00007FF040E6F65Fh
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          push dword ptr [ebp+08h]
                                          mov esi, ecx
                                          call 00007FF040E6F83Dh
                                          mov dword ptr [esi], 0049FDF0h
                                          mov eax, esi
                                          pop esi
                                          pop ebp
                                          retn 0004h
                                          and dword ptr [ecx+04h], 00000000h
                                          mov eax, ecx
                                          and dword ptr [ecx+08h], 00000000h
                                          mov dword ptr [ecx+04h], 0049FDF8h
                                          mov dword ptr [ecx], 0049FDF0h
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          push dword ptr [ebp+08h]
                                          mov esi, ecx
                                          call 00007FF040E6F80Ah
                                          mov dword ptr [esi], 0049FE0Ch
                                          mov eax, esi
                                          pop esi
                                          pop ebp
                                          retn 0004h
                                          and dword ptr [ecx+04h], 00000000h
                                          mov eax, ecx
                                          and dword ptr [ecx+08h], 00000000h
                                          mov dword ptr [ecx+04h], 0049FE14h
                                          mov dword ptr [ecx], 0049FE0Ch
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          mov esi, ecx
                                          lea eax, dword ptr [esi+04h]
                                          mov dword ptr [esi], 0049FDD0h
                                          and dword ptr [eax], 00000000h
                                          and dword ptr [eax+04h], 00000000h
                                          push eax
                                          mov eax, dword ptr [ebp+08h]
                                          add eax, 04h
                                          push eax
                                          call 00007FF040E723FDh
                                          pop ecx
                                          pop ecx
                                          mov eax, esi
                                          pop esi
                                          pop ebp
                                          retn 0004h
                                          lea eax, dword ptr [ecx+04h]
                                          mov dword ptr [ecx], 0049FDD0h
                                          push eax
                                          call 00007FF040E72448h
                                          pop ecx
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          mov esi, ecx
                                          lea eax, dword ptr [esi+04h]
                                          mov dword ptr [esi], 0049FDD0h
                                          push eax
                                          call 00007FF040E72431h
                                          test byte ptr [ebp+08h], 00000001h
                                          pop ecx
                                          Programming Language:
                                          • [ C ] VS2008 SP1 build 30729
                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | cd39873ced8037ed0771a5b533b03a66 | False | 0.2810416666666667 | data | 5.16096697312923 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Sep 6, 2024 02:57:02.171756029 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.171828032 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.174798965 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.174808979 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.178282976 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.184374094 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.185117960 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.190581083 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.190618992 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.191099882 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.191109896 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.196768045 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.202972889 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.203020096 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.206239939 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.206250906 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.208779097 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.214211941 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.214245081 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.219633102 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.219677925 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.221324921 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.221334934 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.225060940 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.230422974 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.230429888 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.230586052 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.231194019 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.231199980 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.235805988 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.238698959 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.238704920 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.241210938 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.241307020 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.241313934 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.247001886 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.250710964 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.250718117 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.253799915 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.258533001 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.258569002 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.259589911 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.259620905 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.262379885 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.262418032 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.265506983 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.265583038 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.267865896 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.267865896 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.267879963 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.270075083 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.272131920 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.272190094 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.275502920 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.275530100 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.279105902 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.279144049 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.280258894 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.280267954 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.282788992 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.283526897 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.283535957 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.286371946 CEST4434972335.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:02.288033009 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.288065910 CEST49723443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:02.290668964 CEST49723443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:02.290668964 CEST49723443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:02.290678024 CEST4434972335.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:02.290860891 CEST4434972335.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:02.290891886 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.290899038 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.291877031 CEST49723443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:02.291891098 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.294064999 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.294101954 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.294136047 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.294145107 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.295697927 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.296453953 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.299817085 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.299849987 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.303236961 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.303266048 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.306700945 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.306739092 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.308726072 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.308736086 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.310239077 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.312659979 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.312668085 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.313782930 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.316586018 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.316591978 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.317009926 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.320173025 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.320197105 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.323369026 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.323474884 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.326394081 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.326427937 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.326456070 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.328376055 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.328388929 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.329590082 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.332469940 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.332484007 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.332683086 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.347475052 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.400116920 CEST49721443192.168.2.5142.250.181.225
                                          Sep 6, 2024 02:57:02.400135040 CEST44349721142.250.181.225192.168.2.5
                                          Sep 6, 2024 02:57:02.871486902 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:02.871525049 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:02.871594906 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:02.873126984 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:02.873142004 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.090457916 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.090500116 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.095820904 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.096492052 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.096507072 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.196523905 CEST4973580192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:03.204514027 CEST804973534.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:03.205562115 CEST4973580192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:03.206192970 CEST4973580192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:03.211057901 CEST804973534.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:03.508701086 CEST4434970323.1.237.91192.168.2.5
                                          Sep 6, 2024 02:57:03.512960911 CEST49703443192.168.2.523.1.237.91
                                          Sep 6, 2024 02:57:03.531611919 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.531687975 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.536895990 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.536914110 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.537149906 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.584212065 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.628526926 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.649467945 CEST804973534.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:03.691518068 CEST49736443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.691560984 CEST4434973613.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.691637039 CEST49736443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.691843987 CEST49736443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.691859007 CEST4434973613.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.771210909 CEST4973580192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:03.772384882 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.783454895 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.783472061 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.784512043 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.784574032 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.785643101 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.785712957 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.785815001 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.809201956 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.809259892 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.809582949 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.809739113 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.809756041 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.809767008 CEST49729443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.809773922 CEST44349729184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.832511902 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.887089968 CEST49739443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.887121916 CEST44349739184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.889641047 CEST49739443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.890074968 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.890084982 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.890094995 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.890127897 CEST49739443192.168.2.5184.28.90.27
                                          Sep 6, 2024 02:57:03.890141010 CEST44349739184.28.90.27192.168.2.5
                                          Sep 6, 2024 02:57:03.890199900 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.890216112 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.890223980 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.890271902 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.972573996 CEST49741443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:03.972596884 CEST44349741172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:03.972765923 CEST49742443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:03.972791910 CEST44349742162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:03.974246979 CEST49742443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:03.974247932 CEST49741443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:03.974714994 CEST49742443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:03.974728107 CEST44349742162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:03.974869967 CEST49741443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:03.974881887 CEST44349741172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:03.977956057 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.977966070 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.977982998 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.977989912 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.978013992 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.978024960 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.979726076 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.979733944 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.979753017 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.979758978 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.979764938 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.979789019 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.984795094 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.985563040 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.985573053 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:03.985920906 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.985954046 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:03.997497082 CEST49743443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:03.997509956 CEST44349743162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:03.997891903 CEST49743443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:03.998404026 CEST49743443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:03.998409986 CEST44349743162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:04.071217060 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.071224928 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.071254015 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.071268082 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.071276903 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.071295977 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.071305990 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.071352005 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.072654009 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.072660923 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.072688103 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.072695971 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.074573994 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.074580908 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.074595928 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.074601889 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.075193882 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.075203896 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.076370001 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.076394081 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.076404095 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.076426983 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.077167988 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.077327013 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.077333927 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.090183020 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.094311953 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.162081003 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162091017 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162110090 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162121058 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162388086 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162395000 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162425995 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162441015 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162954092 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.162961960 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170366049 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.170386076 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170408964 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170466900 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170600891 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.170610905 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170619965 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170641899 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170784950 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.170797110 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170809031 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170825958 CEST49732443192.168.2.513.107.246.60
                                          Sep 6, 2024 02:57:04.170835972 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170846939 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:04.170866013 CEST4434973213.107.246.60192.168.2.5
                                          Sep 6, 2024 02:57:05.940504074 CEST4434975613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.955338001 CEST4434975413.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.955573082 CEST4434975413.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.957680941 CEST49754443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.958740950 CEST49754443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.958753109 CEST4434975413.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.959032059 CEST49761443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.959058046 CEST4434976113.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.960760117 CEST49761443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.961199999 CEST49761443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.961211920 CEST4434976113.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.974678993 CEST4434975513.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.974735975 CEST4434975513.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.974827051 CEST4434975313.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.974894047 CEST4434975313.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.975276947 CEST49753443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.975280046 CEST49755443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.976716995 CEST49753443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.976723909 CEST4434975313.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.977078915 CEST49755443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.977089882 CEST4434975513.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.985894918 CEST4434975813.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.985945940 CEST4434975813.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.985982895 CEST49758443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.986299038 CEST49758443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.993792057 CEST49758443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.993803024 CEST4434975813.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.998218060 CEST4434975613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.998274088 CEST49756443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:05.998281002 CEST4434975613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.998326063 CEST4434975613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:05.998847961 CEST49756443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.008547068 CEST49756443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.008554935 CEST4434975613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.035320044 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:06.035768986 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.035803080 CEST4434976234.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.038784027 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.038932085 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.038944006 CEST4434976234.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.040107965 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:06.105380058 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.105391979 CEST4434976434.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.111920118 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.113414049 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.113429070 CEST4434976434.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.374572039 CEST49760443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.374769926 CEST49751443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:06.374808073 CEST49752443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:06.374861956 CEST44349751172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:06.374862909 CEST49757443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.374875069 CEST44349752172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:06.374898911 CEST49761443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.375056982 CEST44349751172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:06.375066042 CEST44349752172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:06.375111103 CEST49751443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:06.375111103 CEST49752443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:06.375123978 CEST49751443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:06.375143051 CEST49752443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:06.375313044 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.375336885 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.375633001 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.375643015 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.376045942 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.376065016 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.376396894 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.376413107 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.376425982 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.377438068 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.377451897 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.377532959 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.377541065 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.377618074 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.377624989 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.383682013 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:06.406513929 CEST44349760142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.406625986 CEST44349760142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.409249067 CEST49760443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.409276962 CEST49760443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.420500040 CEST4434976113.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.420511007 CEST4434975713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.476965904 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:06.526333094 CEST4434976234.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.528373957 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.534262896 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.534277916 CEST4434976234.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.534620047 CEST4434976234.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.536271095 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.536401033 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.536444902 CEST4434976234.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.536724091 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.536746979 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.537383080 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.537398100 CEST49762443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.537436962 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.537585974 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:06.537597895 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:06.593974113 CEST4434976434.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.593987942 CEST4434976434.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.596121073 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.600656986 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.600663900 CEST4434976434.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.600769043 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.600821018 CEST4434976434.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.601136923 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.601180077 CEST4434976934.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.601238966 CEST49764443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.601264000 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.602586031 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:06.602600098 CEST4434976934.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:06.604334116 CEST4434976113.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.604443073 CEST4434976113.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.604669094 CEST49761443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.604669094 CEST49761443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:06.839739084 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.846782923 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.846801043 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.847234964 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.847407103 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.847994089 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.848107100 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.849150896 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.849216938 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.849330902 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.896503925 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:06.916132927 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:06.916174889 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:06.917217016 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:06.926671028 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:06.926687002 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:06.962804079 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:06.973522902 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:06.973541975 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.008821011 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.008836031 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.009321928 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.009805918 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.009839058 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.010412931 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.010452986 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.010483980 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.010526896 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.011434078 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.011476040 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.015177011 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.019025087 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:07.019027948 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.019042015 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.019049883 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.019197941 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:07.024158001 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.024173975 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.028501987 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:07.033973932 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:07.033997059 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:07.045793056 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.048091888 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.049004078 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.049010038 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:07.049266100 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:07.052206993 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.052290916 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.052360058 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:07.056504011 CEST4434976834.160.144.191192.168.2.5
                                          Sep 6, 2024 02:57:07.063196898 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.063196898 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.063196898 CEST49768443192.168.2.534.160.144.191
                                          Sep 6, 2024 02:57:07.070939064 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.070952892 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.071382999 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.076603889 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.076628923 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.076836109 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.076936960 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.076944113 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.077018023 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.078052998 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.078149080 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.080012083 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.083887100 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.083899975 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.096916914 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.096952915 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097029924 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097419977 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097455025 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097501993 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097527027 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097569942 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.097598076 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.098131895 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.098706961 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:07.098718882 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.098769903 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.107755899 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:07.113287926 CEST4434976934.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:07.114878893 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:07.124505997 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.124506950 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.125829935 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:07.125849962 CEST4434976934.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:07.125921965 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:07.125991106 CEST4434976934.117.188.166192.168.2.5
                                          Sep 6, 2024 02:57:07.126744032 CEST49769443192.168.2.534.117.188.166
                                          Sep 6, 2024 02:57:07.132239103 CEST49765443192.168.2.5142.250.72.110
                                          Sep 6, 2024 02:57:07.132265091 CEST44349765142.250.72.110192.168.2.5
                                          Sep 6, 2024 02:57:07.174148083 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.174541950 CEST4434976713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.174907923 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.175244093 CEST4434976613.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.175668955 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.175709009 CEST49766443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.175709009 CEST49767443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.341377974 CEST4434975713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.341490030 CEST4434975713.107.246.40192.168.2.5
                                          Sep 6, 2024 02:57:07.348104954 CEST49757443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.348104954 CEST49757443192.168.2.513.107.246.40
                                          Sep 6, 2024 02:57:07.394342899 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.440043926 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.549118042 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.600764990 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.651717901 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.681701899 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.724298954 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.724318027 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.724387884 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.724399090 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.724466085 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.724469900 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.724920034 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.724934101 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.724963903 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.724978924 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.725538015 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.725547075 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.725550890 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.725550890 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.725552082 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.725563049 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.725666046 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.725677967 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.725681067 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.725722075 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.732403040 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.732470036 CEST44349770142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.732501030 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.732578039 CEST44349772142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:07.732601881 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:07.732692003 CEST44349771152.195.19.97192.168.2.5
                                          Sep 6, 2024 02:57:07.732892036 CEST49770443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.733254910 CEST49772443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:07.733305931 CEST49771443192.168.2.5152.195.19.97
                                          Sep 6, 2024 02:57:24.585740089 CEST49796443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.585838079 CEST49796443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.585890055 CEST4434979634.120.208.123192.168.2.5
                                          Sep 6, 2024 02:57:24.585968018 CEST49796443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.585984945 CEST49795443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.588130951 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.592869997 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.603796959 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.645172119 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.682796955 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.686300993 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.691133976 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.737206936 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.780224085 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.797671080 CEST4434979734.120.208.123192.168.2.5
                                          Sep 6, 2024 02:57:24.797745943 CEST49797443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.801388025 CEST49797443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.801397085 CEST4434979734.120.208.123192.168.2.5
                                          Sep 6, 2024 02:57:24.801479101 CEST49797443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.801522017 CEST4434979734.120.208.123192.168.2.5
                                          Sep 6, 2024 02:57:24.802520037 CEST49797443192.168.2.534.120.208.123
                                          Sep 6, 2024 02:57:24.803656101 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.808445930 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.817087889 CEST4434979834.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:24.817162037 CEST49798443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:24.820712090 CEST49798443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:24.820720911 CEST4434979834.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:24.820775032 CEST49798443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:24.820862055 CEST4434979834.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:24.820950031 CEST49798443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:24.830090046 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.900027037 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.902447939 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.907284021 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:24.946010113 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:24.997046947 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:25.047374010 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:31.059357882 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.059429884 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.064330101 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.064367056 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.064373970 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.082238913 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.082283020 CEST4434980034.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.082921982 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.083055019 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.083069086 CEST4434980034.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.096699953 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.096714973 CEST4434980152.222.236.23192.168.2.5
                                          Sep 6, 2024 02:57:31.097129107 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.097229958 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.097244978 CEST4434980152.222.236.23192.168.2.5
                                          Sep 6, 2024 02:57:31.115375996 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.115387917 CEST4434980235.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:31.118220091 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.119466066 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.119478941 CEST4434980235.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:31.161390066 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.161431074 CEST4434980335.201.103.21192.168.2.5
                                          Sep 6, 2024 02:57:31.162254095 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.163697004 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.163707018 CEST4434980335.201.103.21192.168.2.5
                                          Sep 6, 2024 02:57:31.806266069 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.806344986 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.807199955 CEST4434980034.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.807267904 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.807332993 CEST4434980235.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:31.807390928 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.809293032 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.809303045 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.809514046 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.811525106 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.811537027 CEST4434980034.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.811781883 CEST4434980034.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.812410116 CEST4434980335.201.103.21192.168.2.5
                                          Sep 6, 2024 02:57:31.815020084 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.817107916 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.817251921 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.817305088 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.817317963 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.817646027 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.817747116 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.817835093 CEST4434980034.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.818233013 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.818254948 CEST4434980434.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.818855047 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.818866014 CEST4434980235.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:31.818917990 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.818993092 CEST4434980235.190.72.216192.168.2.5
                                          Sep 6, 2024 02:57:31.822520018 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.822530031 CEST4434980335.201.103.21192.168.2.5
                                          Sep 6, 2024 02:57:31.822587967 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.822827101 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:31.824189901 CEST49800443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.824244022 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.824376106 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.824388027 CEST4434980434.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.824676037 CEST4434980335.201.103.21192.168.2.5
                                          Sep 6, 2024 02:57:31.825423956 CEST49802443192.168.2.535.190.72.216
                                          Sep 6, 2024 02:57:31.825453997 CEST49803443192.168.2.535.201.103.21
                                          Sep 6, 2024 02:57:31.827580929 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:31.835901976 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.835932016 CEST4434980534.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.836616993 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.836744070 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:31.836754084 CEST4434980534.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:31.850136995 CEST4434980152.222.236.23192.168.2.5
                                          Sep 6, 2024 02:57:31.855843067 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.863174915 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.863183975 CEST4434980152.222.236.23192.168.2.5
                                          Sep 6, 2024 02:57:31.863370895 CEST4434980152.222.236.23192.168.2.5
                                          Sep 6, 2024 02:57:31.866012096 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.866136074 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.866147041 CEST4434980152.222.236.23192.168.2.5
                                          Sep 6, 2024 02:57:31.871685028 CEST49801443192.168.2.552.222.236.23
                                          Sep 6, 2024 02:57:31.873532057 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.873543978 CEST4434980635.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.874057055 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.874181032 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.874192953 CEST4434980635.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.876163006 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.876177073 CEST4434980735.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.877327919 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.877424955 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.877438068 CEST4434980735.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.878881931 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.878914118 CEST4434980835.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.879024029 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.879072905 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:31.879081011 CEST4434980835.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:31.917167902 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:31.920180082 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:31.925004005 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:31.971585989 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:32.014667988 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:32.028505087 CEST4434979935.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.028563023 CEST49799443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.056272030 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:32.306225061 CEST4434980434.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.306421995 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.309631109 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.309643984 CEST4434980434.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.309869051 CEST4434980434.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.312381029 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.312478065 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.312526941 CEST4434980434.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.312623024 CEST49804443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.315413952 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:32.318157911 CEST4434980534.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.318232059 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.320180893 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:32.320979118 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.320992947 CEST4434980534.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.321212053 CEST4434980534.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.323271990 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.323340893 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.323415995 CEST4434980534.149.100.209192.168.2.5
                                          Sep 6, 2024 02:57:32.323568106 CEST49805443192.168.2.534.149.100.209
                                          Sep 6, 2024 02:57:32.340115070 CEST4434980735.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.340163946 CEST4434980635.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.340178013 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.340430021 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.342878103 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.342885017 CEST4434980735.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.343110085 CEST4434980735.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.345105886 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.345112085 CEST4434980635.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.345345020 CEST4434980635.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.347883940 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.347939014 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.348012924 CEST4434980735.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.348413944 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.348462105 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.348563910 CEST4434980635.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.348607063 CEST49807443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.348623991 CEST49806443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.362632990 CEST4434980835.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.362888098 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.365096092 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.365106106 CEST4434980835.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.365324974 CEST4434980835.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.367552042 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.367620945 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.367681980 CEST4434980835.244.181.201192.168.2.5
                                          Sep 6, 2024 02:57:32.367788076 CEST49808443192.168.2.535.244.181.201
                                          Sep 6, 2024 02:57:32.409750938 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:32.411926985 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:32.416680098 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:32.457431078 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:32.506254911 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:32.559746027 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:34.827073097 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:34.827099085 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:34.827408075 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:34.828880072 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:34.828892946 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:35.284425020 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:35.284626961 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:35.289320946 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:35.289335012 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:35.289460897 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:35.289491892 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:35.289498091 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:35.292294025 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:35.297059059 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:35.387121916 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:35.391684055 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:35.396492958 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:35.427999973 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:35.485744953 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:35.496503115 CEST4434981034.107.243.93192.168.2.5
                                          Sep 6, 2024 02:57:35.496548891 CEST49810443192.168.2.534.107.243.93
                                          Sep 6, 2024 02:57:35.527488947 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:45.394289970 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:45.399135113 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:45.494564056 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:45.499507904 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:48.354912043 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:48.359689951 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:48.449558973 CEST804975934.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:48.452459097 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:48.457225084 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:48.503632069 CEST4975980192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:48.547013998 CEST804978234.107.221.82192.168.2.5
                                          Sep 6, 2024 02:57:48.603774071 CEST4978280192.168.2.534.107.221.82
                                          Sep 6, 2024 02:57:51.863751888 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:51.863787889 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:51.863852978 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:51.864159107 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:51.864173889 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.641802073 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.641963005 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.645117998 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.645127058 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.645366907 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.653244972 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.700516939 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.900737047 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.900753975 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.900767088 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.900827885 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.900841951 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.901501894 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.901536942 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.902221918 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.902817011 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.902858973 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.904248953 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.904248953 CEST49812443192.168.2.513.85.23.86
                                          Sep 6, 2024 02:57:52.904263973 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:52.904273033 CEST4434981213.85.23.86192.168.2.5
                                          Sep 6, 2024 02:57:53.798542976 CEST49774443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:53.798561096 CEST44349774142.251.40.110192.168.2.5
                                          Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                          Sep 6, 2024 02:57:08.174518108 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.219472885 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.219487906 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.219613075 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.219834089 CEST59675443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:08.219979048 CEST59675443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:08.221858978 CEST54172443192.168.2.5172.253.122.84
                                          Sep 6, 2024 02:57:08.222927094 CEST54172443192.168.2.5172.253.122.84
                                          Sep 6, 2024 02:57:08.223838091 CEST59675443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:08.223922968 CEST59675443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:08.315109015 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.315130949 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.318202972 CEST44359675172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:08.319190979 CEST44359675172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:08.319744110 CEST44359675172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:08.321749926 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.321818113 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.321829081 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.321840048 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.321850061 CEST44359675172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:08.322540045 CEST44359675172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:08.323182106 CEST44359675172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:57:08.325783014 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.327270031 CEST59675443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:08.327523947 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.328408957 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.328967094 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.330066919 CEST59675443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:57:08.330554962 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.330696106 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.331492901 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.331506014 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.336841106 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.425112963 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.425126076 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.425484896 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.426381111 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.431540012 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.433749914 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.440505028 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.442147017 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.443317890 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.446732044 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.454539061 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:08.548546076 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:08.641963959 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:08.748697042 CEST54172443192.168.2.5172.253.122.84
                                          Sep 6, 2024 02:57:08.877475023 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.898998022 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.899008989 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.899018049 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:08.899291992 CEST54172443192.168.2.5172.253.122.84
                                          Sep 6, 2024 02:57:08.899379015 CEST54172443192.168.2.5172.253.122.84
                                          Sep 6, 2024 02:57:08.946362972 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.027365923 CEST44354172172.253.122.84192.168.2.5
                                          Sep 6, 2024 02:57:09.103606939 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.103620052 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.103631973 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.103643894 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.103656054 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.106461048 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.108093023 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.108196020 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.108407974 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.108525038 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.203247070 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.203259945 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.203284025 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.203360081 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.204257011 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.204386950 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.204459906 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.204473972 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.205940962 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.298464060 CEST44350221162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:57:09.332135916 CEST50221443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:57:09.342957973 CEST5114753192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:09.352807999 CEST53511471.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:09.354495049 CEST5732853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:09.361001968 CEST53573281.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:09.365258932 CEST5518753192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:09.372216940 CEST53551871.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:11.622586012 CEST6382453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:11.630172014 CEST53638241.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:11.630834103 CEST5885853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:11.637973070 CEST53588581.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:11.639704943 CEST6193753192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:11.647119999 CEST53619371.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:11.879031897 CEST5501653192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:15.762171030 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:15.762204885 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:15.857264042 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:15.886312008 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:15.888566017 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:15.888807058 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:15.888849020 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:15.917670965 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:16.008078098 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:20.157696009 CEST5123453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:20.164594889 CEST53512341.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:20.670667887 CEST5177653192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:20.677175045 CEST53517761.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:20.677809000 CEST5030153192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:20.684530020 CEST53503011.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:20.955765009 CEST5749653192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:20.966619968 CEST53574961.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:20.968043089 CEST5157553192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:20.974895954 CEST53515751.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:20.977392912 CEST5822353192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:20.983973980 CEST53582231.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:24.339989901 CEST5039853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:24.346550941 CEST53503981.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:24.366796970 CEST5165453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:24.373508930 CEST53516541.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.202356100 CEST5259953192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.202620029 CEST5495453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.202838898 CEST6214553192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.210608959 CEST53549541.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.210624933 CEST53525991.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.210783005 CEST53621451.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.211473942 CEST6411253192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.211890936 CEST6022453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.212188959 CEST5653853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.218388081 CEST53602241.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.218595982 CEST53641121.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.219510078 CEST53565381.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.223782063 CEST6432853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.231003046 CEST53643281.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.243051052 CEST5506953192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.249423981 CEST6404353192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.253871918 CEST53550691.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.257174015 CEST53640431.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.261095047 CEST6107053192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.261517048 CEST5417153192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.267967939 CEST53610701.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.268054008 CEST5632153192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.268258095 CEST53541711.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.274574041 CEST53563211.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.277862072 CEST5972453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.285662889 CEST53597241.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.287445068 CEST6447853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.294121027 CEST53644781.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:26.300107002 CEST4956553192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:26.306487083 CEST53495651.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.064836979 CEST5306353192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.071871042 CEST53530631.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.078988075 CEST5171553192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.095907927 CEST53517151.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.097035885 CEST5639253192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.105907917 CEST53563921.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.106420994 CEST5427053192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.113821983 CEST53542701.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.117970943 CEST5641053192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.126167059 CEST53564101.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.161858082 CEST5020753192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.168782949 CEST53502071.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:31.179527044 CEST6302053192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:31.186162949 CEST53630201.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:34.827413082 CEST5639453192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:34.834681988 CEST53563941.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:37.273943901 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:37.383200884 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:37.383331060 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:37.383840084 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:37.418507099 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:37.503201962 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:37.891052961 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:37.999588966 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:38.000133038 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:38.002465010 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:38.035931110 CEST59682443192.168.2.5142.251.40.110
                                          Sep 6, 2024 02:57:38.120290995 CEST44359682142.251.40.110192.168.2.5
                                          Sep 6, 2024 02:57:56.447268963 CEST5786353192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:56.453896999 CEST53578631.1.1.1192.168.2.5
                                          Sep 6, 2024 02:57:56.455188036 CEST6068953192.168.2.51.1.1.1
                                          Sep 6, 2024 02:57:56.461714983 CEST53606891.1.1.1192.168.2.5
                                          Sep 6, 2024 02:58:00.160001993 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.160147905 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.160372019 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.160460949 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.604595900 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.605231047 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.637564898 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.700611115 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.700627089 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.700635910 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.700654030 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.700855017 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.700921059 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.796257019 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.796560049 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:00.893368959 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.894505978 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.894515991 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:00.894799948 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:02.764389038 CEST6498753192.168.2.51.1.1.1
                                          Sep 6, 2024 02:58:02.771856070 CEST53649871.1.1.1192.168.2.5
                                          Sep 6, 2024 02:58:02.949970961 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:02.950087070 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:03.049791098 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:03.050635099 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:03.051103115 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:03.051513910 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:03.052566051 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.293056965 CEST6094853192.168.2.51.1.1.1
                                          Sep 6, 2024 02:58:03.365561962 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.501498938 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.502275944 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.502289057 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.502338886 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.502351046 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.505925894 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.508146048 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.508289099 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.610163927 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.610176086 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.610184908 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.610193968 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:03.610551119 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.611283064 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:03.713255882 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:07.940995932 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:07.941108942 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:08.038964987 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:08.043781042 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:08.043791056 CEST44355810172.64.41.3192.168.2.5
                                          Sep 6, 2024 02:58:08.050865889 CEST55810443192.168.2.5172.64.41.3
                                          Sep 6, 2024 02:58:08.052139997 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.052270889 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.517704010 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.517718077 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.517726898 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.518430948 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.518501997 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.540030003 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.564095020 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.617233992 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.664103031 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.769191980 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.868383884 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.895730019 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.929955006 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.930057049 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.930067062 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:08.930265903 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:08.931448936 CEST59278443192.168.2.5142.251.179.84
                                          Sep 6, 2024 02:58:09.054739952 CEST44359278142.251.179.84192.168.2.5
                                          Sep 6, 2024 02:58:23.607626915 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:23.634310007 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:24.141431093 CEST4435771523.44.201.27192.168.2.5
                                          Sep 6, 2024 02:58:24.175777912 CEST57715443192.168.2.523.44.201.27
                                          Sep 6, 2024 02:58:29.450052977 CEST53048443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:58:29.450187922 CEST53048443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:58:29.450392962 CEST53048443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:58:29.450481892 CEST53048443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:58:29.898974895 CEST53048443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:58:29.919612885 CEST44353048162.159.61.3192.168.2.5
                                          Sep 6, 2024 02:58:29.920126915 CEST53048443192.168.2.5162.159.61.3
                                          Sep 6, 2024 02:58:29.960656881 CEST53048443192.168.2.5162.159.61.3
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Sep 6, 2024 02:57:03.101754904 CEST | 192.168.2.5 | 1.1.1.1 | c2ba | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218388081 CEST1.1.1.1192.168.2.50xce8bNo error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.218595982 CEST1.1.1.1192.168.2.50x59ebNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.219510078 CEST1.1.1.1192.168.2.50xde83No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.231003046 CEST1.1.1.1192.168.2.50x3016No error (0)dyna.wikimedia.org28IN (0x0001)false
                                          Sep 6, 2024 02:57:26.253871918 CEST1.1.1.1192.168.2.50x52d0No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.253871918 CEST1.1.1.1192.168.2.50x52d0No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.253871918 CEST1.1.1.1192.168.2.50x52d0No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.253871918 CEST1.1.1.1192.168.2.50x52d0No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.253871918 CEST1.1.1.1192.168.2.50x52d0No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.257174015 CEST1.1.1.1192.168.2.50x5771No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                          Sep 6, 2024 02:57:26.257174015 CEST1.1.1.1192.168.2.50x5771No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                          Sep 6, 2024 02:57:26.257174015 CEST1.1.1.1192.168.2.50x5771No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                          Sep 6, 2024 02:57:26.257174015 CEST1.1.1.1192.168.2.50x5771No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                          Sep 6, 2024 02:57:26.267967939 CEST1.1.1.1192.168.2.50x2625No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                          Sep 6, 2024 02:57:26.268258095 CEST1.1.1.1192.168.2.50x3978No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.268258095 CEST1.1.1.1192.168.2.50x3978No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.268258095 CEST1.1.1.1192.168.2.50x3978No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.268258095 CEST1.1.1.1192.168.2.50x3978No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.274574041 CEST1.1.1.1192.168.2.50x3838No error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:26.294121027 CEST1.1.1.1192.168.2.50xd8a9No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.095907927 CEST1.1.1.1192.168.2.50x30bbNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.095907927 CEST1.1.1.1192.168.2.50x30bbNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.095907927 CEST1.1.1.1192.168.2.50x30bbNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.095907927 CEST1.1.1.1192.168.2.50x30bbNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.105907917 CEST1.1.1.1192.168.2.50x8bbeNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.105907917 CEST1.1.1.1192.168.2.50x8bbeNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.105907917 CEST1.1.1.1192.168.2.50x8bbeNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.105907917 CEST1.1.1.1192.168.2.50x8bbeNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.126167059 CEST1.1.1.1192.168.2.50x8caNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.126167059 CEST1.1.1.1192.168.2.50x8caNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:31.168782949 CEST1.1.1.1192.168.2.50xcb5cNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:57:32.362112999 CEST1.1.1.1192.168.2.50xba33No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                          Sep 6, 2024 02:57:32.362112999 CEST1.1.1.1192.168.2.50xba33No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 6, 2024 02:57:56.453896999 CEST1.1.1.1192.168.2.50xbe35No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:58:02.762141943 CEST1.1.1.1192.168.2.50x403aNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:58:03.299896002 CEST1.1.1.1192.168.2.50x227fNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 6, 2024 02:58:03.299896002 CEST1.1.1.1192.168.2.50x227fNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                          Sep 6, 2024 02:58:37.560987949 CEST1.1.1.1192.168.2.50x632eNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                          • api.edgeoffer.microsoft.com
                                          • clients2.googleusercontent.com
                                          • edgeassetservice.azureedge.net
                                          • chrome.cloudflare-dns.com
                                          • fs.microsoft.com
                                          • https:
                                            • accounts.youtube.com
                                            • www.google.com
                                          • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                          • slscr.update.microsoft.com
                                          • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49735 | 34.107.221.82 | 80 | 4668 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 02:57:03.206192970 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:03.649467945 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56660
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49749 | 34.107.221.82 | 80 | 4668 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 02:57:04.708969116 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
Sep 6, 2024 02:57:05.165410995 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4310
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49759 | 34.107.221.82 | 80 | 4668 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 02:57:06.035320044 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:06.383682013 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56663
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:09.263295889 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:09.360268116 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56666
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:17.814294100 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:17.909219980 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56674
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:20.747703075 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:20.842303991 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56677
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:21.150335073 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:21.244498968 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56678
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:21.557980061 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:21.652841091 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56678
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:24.323457003 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:24.418039083 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56681
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:24.588130951 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:24.682796955 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56681
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:24.803656101 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
Sep 6, 2024 02:57:24.900027037 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56681
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 02:57:31.822827101 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:57:31.917167902 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56688
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:57:32.315413952 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:57:32.409750938 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56689
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:57:35.292294025 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:57:35.387121916 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56692
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:57:45.394289970 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:57:48.354912043 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:57:48.449558973 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56705
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:57:57.554297924 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:57:57.648902893 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56714
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:58:03.291765928 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:58:03.387162924 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56720
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:58:03.770025015 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:58:03.864754915 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56720
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:58:13.876492023 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:23.881680012 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:33.892471075 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:38.033032894 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 6, 2024 02:58:38.127645016 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 09:12:43 GMT
                                          Age: 56755
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 6, 2024 02:58:48.144083023 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:58.175461054 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.5 | 49782 | 34.107.221.82 | 80 | 4668 | C:\Program Files\Mozilla Firefox\firefox.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 6, 2024 02:57:09.248547077 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:09.692666054 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4314
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:10.083163977 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4314
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:11.878885031 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:11.975328922 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4316
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:19.675437927 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:19.773504019 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4324
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:20.963865995 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:21.066138029 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4326
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:21.554734945 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:21.648524046 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4326
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:24.121709108 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:24.216665983 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4329
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:24.509140015 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:24.603796959 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4329
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:24.686300993 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:24.780224085 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4329
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:24.902447939 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:24.997046947 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4329
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:31.920180082 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:32.014667988 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4336
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:32.411926985 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:32.506254911 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4337
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:35.391684055 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:35.485744953 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4340
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:45.494564056 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:57:48.452459097 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:48.547013998 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4353
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:57:57.652324915 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:57:57.746721983 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4362
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:58:03.419828892 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:58:03.514861107 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4368
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:58:03.867136955 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:58:03.961575031 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4368
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:58:13.976783037 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:23.981916904 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:33.992980957 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:38.130626917 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 6, 2024 02:58:38.225430965 CEST | 215 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Thu, 05 Sep 2024 23:45:15 GMT
                                          Content-Type: text/plain
                                          Age: 4403
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 6, 2024 02:58:48.244440079 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 6, 2024 02:58:58.256051064 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.5 | 49710 | 94.245.104.56 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:56:59 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                          Host: api.edgeoffer.microsoft.com
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:00 UTC | 725 | IN | HTTP/1.1 200 OK
                                          Content-Length: 0
                                          Connection: close
                                          Content-Type: application/x-protobuf; charset=utf-8
                                          Date: Fri, 06 Sep 2024 00:57:00 GMT
                                          Server: Microsoft-IIS/10.0
                                          Set-Cookie: ARRAffinity=b2cf461e48ecc93b19cf255be6172c2e255f0b5133c27c015f237c72f4db18e4;Path=/;HttpOnly;Domain=api.edgeoffer.microsoft.com
                                          Set-Cookie: ARRAffinity=9abdbd5b78a381dd725259cea1c6bbae9a0ace202d10a3de203c265ae51fd2a1;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                          Set-Cookie: ARRAffinitySameSite=9abdbd5b78a381dd725259cea1c6bbae9a0ace202d10a3de203c265ae51fd2a1;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                          Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                          X-Powered-By: ASP.NET


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.5 | 49721 | 142.250.181.225 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:01 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                          Host: clients2.googleusercontent.com
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:02 UTC | 566 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Length: 135751
                                          X-GUploader-UploadID: AD-8ljt_O5XMJoPXlP6Q8KGWegLxpoAv8Lc1GNJdQ3ftIxlOhGAnKSjCUCnfhK-XxvEt00jIhvM
                                          X-Goog-Hash: crc32c=IDdmTg==
                                          Server: UploadServer
                                          Date: Thu, 05 Sep 2024 19:26:09 GMT
                                          Expires: Fri, 05 Sep 2025 19:26:09 GMT
                                          Cache-Control: public, max-age=31536000
                                          Age: 19852
                                          Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                          ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                          Content-Type: application/x-chrome-extension
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.5 | 49729 | 184.28.90.27 | 443 | |
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:03 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          Accept-Encoding: identity
                                          User-Agent: Microsoft BITS/7.8
                                          Host: fs.microsoft.com
                                          2024-09-06 00:57:03 UTC | 466 | IN | HTTP/1.1 200 OK
                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                          Content-Type: application/octet-stream
                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                          Server: ECAcc (lpl/EF67)
                                          X-CID: 11
                                          X-Ms-ApiVersion: Distribute 1.2
                                          X-Ms-Region: prod-weu-z1
                                          Cache-Control: public, max-age=56917
                                          Date: Fri, 06 Sep 2024 00:57:03 GMT
                                          Connection: close
                                          X-CID: 2


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.5 | 49732 | 13.107.246.60 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:03 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Edge-Asset-Group: Shoreline
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:03 UTC | 577 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:03 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 306698
                                          Connection: close
                                          Content-Encoding: gzip
                                          Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                          ETag: 0x8DBC9B5C40EBFF4
                                          x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005703Z-16579567576j7nvvu5n0ytgs1c0000000da000000000emec
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L1_T2
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes
                                          2024-09-06 00:57:04 UTC16384INData Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03
                                          Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
                                          2024-09-06 00:57:04 UTC16384INData Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40
                                          Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@
                                          2024-09-06 00:57:04 UTC16384INData Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6
                                          Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          4 | 192.168.2.5 | 49736 | 13.107.246.60 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:04 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Edge-Asset-Group: EntityExtractionDomainsConfig
                                          Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                          Sec-Mesh-Client-Edge-Channel: stable
                                          Sec-Mesh-Client-OS: Windows
                                          Sec-Mesh-Client-OS-Version: 10.0.19045
                                          Sec-Mesh-Client-Arch: x86_64
                                          Sec-Mesh-Client-WebView: 0
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:04 UTC | 583 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:04 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 70207
                                          Connection: close
                                          Content-Encoding: gzip
                                          Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                          ETag: 0x8DCB31E67C22927
                                          x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005704Z-16579567576cn8jdyhfng4vp38000000010g000000005v6s
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          X-Cache-Info: L1_T2
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          5 | 192.168.2.5 | 49742 | 162.159.61.3 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                          Host: chrome.cloudflare-dns.com
                                          Connection: keep-alive
                                          Content-Length: 128
                                          Accept: application/dns-message
                                          Accept-Language: *
                                          User-Agent: Chrome
                                          Accept-Encoding: identity
                                          Content-Type: application/dns-message
                                          2024-09-06 00:57:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom)TP
                                          2024-09-06 00:57:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                          Server: cloudflare
                                          Date: Fri, 06 Sep 2024 00:57:04 GMT
                                          Content-Type: application/dns-message
                                          Connection: close
                                          Access-Control-Allow-Origin: *
                                          Content-Length: 468
                                          CF-RAY: 8bea80bb3b66432b-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          2024-09-06 00:57:04 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1f 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcomA)


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          6 | 192.168.2.5 | 49741 | 172.64.41.3 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                          Host: chrome.cloudflare-dns.com
                                          Connection: keep-alive
                                          Content-Length: 128
                                          Accept: application/dns-message
                                          Accept-Language: *
                                          User-Agent: Chrome
                                          Accept-Encoding: identity
                                          Content-Type: application/dns-message
                                          2024-09-06 00:57:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom)TP
                                          2024-09-06 00:57:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                          Server: cloudflare
                                          Date: Fri, 06 Sep 2024 00:57:04 GMT
                                          Content-Type: application/dns-message
                                          Connection: close
                                          Access-Control-Allow-Origin: *
                                          Content-Length: 468
                                          CF-RAY: 8bea80bb3b2a726e-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          2024-09-06 00:57:04 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom'Q)


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.5 | 49743 | 162.159.61.3 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                          Host: chrome.cloudflare-dns.com
                                          Connection: keep-alive
                                          Content-Length: 128
                                          Accept: application/dns-message
                                          Accept-Language: *
                                          User-Agent: Chrome
                                          Accept-Encoding: identity
                                          Content-Type: application/dns-message
                                          2024-09-06 00:57:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom)TP
                                          2024-09-06 00:57:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                          Server: cloudflare
                                          Date: Fri, 06 Sep 2024 00:57:04 GMT
                                          Content-Type: application/dns-message
                                          Connection: close
                                          Access-Control-Allow-Origin: *
                                          Content-Length: 468
                                          CF-RAY: 8bea80bb5f3a42dd-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          2024-09-06 00:57:04 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e0 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom))


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.5 | 49739 | 184.28.90.27 | 443 |  |
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:04 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          Accept-Encoding: identity
                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                          Range: bytes=0-2147483646
                                          User-Agent: Microsoft BITS/7.8
                                          Host: fs.microsoft.com
                                          2024-09-06 00:57:04 UTC | 514 | IN | HTTP/1.1 200 OK
                                          ApiVersion: Distribute 1.1
                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                          Content-Type: application/octet-stream
                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                          Server: ECAcc (lpl/EF06)
                                          X-CID: 11
                                          X-Ms-ApiVersion: Distribute 1.2
                                          X-Ms-Region: prod-weu-z1
                                          Cache-Control: public, max-age=56970
                                          Date: Fri, 06 Sep 2024 00:57:04 GMT
                                          Content-Length: 55
                                          Connection: close
                                          X-CID: 2
                                          2024-09-06 00:57:04 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.5 | 49745 | 13.107.246.60 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:05 UTC | 438 | OUT | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:05 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:05 GMT
                                          Content-Type: image/png
                                          Content-Length: 1579
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                          ETag: 0x8DBDCB5DE99522A
                                          x-ms-request-id: b82236bc-001e-000a-3bd3-ff718e000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005705Z-16579567576h9nndaeer0cv35w0000000d1g00000000bc4d
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          X-Cache-Info: L1_T2
                                          Accept-Ranges: bytes
                                          2024-09-06 00:57:05 UTC1579INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29
                                          Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.5 | 49754 | 13.107.246.40 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:05 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:05 UTC | 515 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:05 GMT
                                          Content-Type: image/png
                                          Content-Length: 1966
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                          ETag: 0x8DBDCB5EC122A94
                                          x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005705Z-16579567576qxwrndb60my3nes0000000d5g000000007dfn
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes
                                          2024-09-06 00:57:05 UTC1966INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc
                                          Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNnt*w<T:A*-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.5 | 49753 | 13.107.246.40 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:05 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:05 UTC  536  IN  HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:05 GMT
                                          Content-Type: image/png
                                          Content-Length: 1751
                                          Connection: close
                                          Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                          ETag: 0x8DBCEA8D5AACC85
                                          x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005705Z-16579567576l8zffr7mt4xy2un0000000cv000000000bb9e
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L1_T2
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          12  192.168.2.5  49755  13.107.246.40  443  7788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-06 00:57:05 UTC  433  OUT  GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:05 UTC  536  IN  HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:05 GMT
                                          Content-Type: image/png
                                          Content-Length: 1427
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                          ETag: 0x8DBDCB5EF021F8E
                                          x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005705Z-16579567576w5bqfyu10zdac7g0000000cwg00000000gq9c
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L1_T2
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          13  192.168.2.5  49758  13.107.246.40  443  7788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-06 00:57:05 UTC  430  OUT  GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:05 UTC  543  IN  HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:05 GMT
                                          Content-Type: image/png
                                          Content-Length: 2008
                                          Connection: close
                                          Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                          ETag: 0x8DBC9B5C0C17219
                                          x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005705Z-16579567576h266g9d6dee9ff80000000d9g00000000famg
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          X-Cache-Info: L1_T2
                                          Accept-Ranges: bytes


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          14  192.168.2.5  49756  13.107.246.40  443  7788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-06 00:57:05 UTC  422  OUT  GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:05 UTC  536  IN  HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:05 GMT
                                          Content-Type: image/png
                                          Content-Length: 2229
                                          Connection: close
                                          Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                          ETag: 0x8DBD59359A9E77B
                                          x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005705Z-16579567576c4hpgz3uh2pbn5g0000000d1g00000000p5bh
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L1_T2
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          15  192.168.2.5  49765  142.250.72.110  443  7788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-06 00:57:06 UTC  1079  OUT  GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=143123390&timestamp=1725584224906 HTTP/1.1
                                          Host: accounts.youtube.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-full-version: "117.0.5938.132"
                                          sec-ch-ua-arch: "x86"
                                          sec-ch-ua-platform: "Windows"
                                          sec-ch-ua-platform-version: "10.0.0"
                                          sec-ch-ua-model: ""
                                          sec-ch-ua-bitness: "64"
                                          sec-ch-ua-wow64: ?0
                                          sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: iframe
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:07 UTC  1971  IN  HTTP/1.1 200 OK
                                          Content-Type: text/html; charset=utf-8
                                          X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                          Content-Security-Policy: frame-ancestors https://accounts.google.com
                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                          Content-Security-Policy: script-src 'report-sample' 'nonce-e_066JbwNrcBcyFNIXft-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                          Pragma: no-cache
                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                          Date: Fri, 06 Sep 2024 00:57:06 GMT
                                          Cross-Origin-Opener-Policy: same-origin
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw1JBikPj6kkkNiJ3SZ7AGAHHSv_OsBUC8JOIi64HEi6yXuy-xXgdi1Z5LrMZALMTD8WjZy21sAg390w8yK-kl5RfGZ6ak5pVkllSm5OcmZuYl5-dnZ6YWF6cWlaUWxRsZGJkYWBiZ6hlYxBcYAAAQoy4u"
                                          Server: ESF
                                          X-XSS-Protection: 0
                                          X-Content-Type-Options: nosniff
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Accept-Ranges: none
                                          Vary: Accept-Encoding
                                          Connection: close
                                          Transfer-Encoding: chunked


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          16  192.168.2.5  49767  13.107.246.40  443  7788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-06 00:57:07 UTC  425  OUT  GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:07 UTC  522  IN  HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:07 GMT
                                          Content-Type: image/png
                                          Content-Length: 1154
                                          Connection: close
                                          Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                          ETag: 0x8DBD5935D5B3965
                                          x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005707Z-16579567576h266g9d6dee9ff80000000ddg000000002k63
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          17 | 192.168.2.5 | 49766 | 13.107.246.40 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:07 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:07 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:07 GMT
                                          Content-Type: image/png
                                          Content-Length: 1468
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                          ETag: 0x8DBDCB5E23DFC43
                                          x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005707Z-16579567576h266g9d6dee9ff80000000dd0000000004rvs
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          X-Cache-Info: L1_T2
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          18 | 192.168.2.5 | 49770 | 142.251.40.110 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:07 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                          Host: play.google.com
                                          Connection: keep-alive
                                          Accept: */*
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: x-goog-authuser
                                          Origin: https://accounts.google.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Site: same-site
                                          Sec-Fetch-Dest: empty
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:07 UTC | 520 | IN | HTTP/1.1 200 OK
                                          Access-Control-Allow-Origin: https://accounts.google.com
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Max-Age: 86400
                                          Access-Control-Allow-Credentials: true
                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                          Content-Type: text/plain; charset=UTF-8
                                          Date: Fri, 06 Sep 2024 00:57:07 GMT
                                          Server: Playlog
                                          Content-Length: 0
                                          X-XSS-Protection: 0
                                          X-Frame-Options: SAMEORIGIN
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          19 | 192.168.2.5 | 49772 | 142.251.40.110 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:07 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                          Host: play.google.com
                                          Connection: keep-alive
                                          Accept: */*
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: x-goog-authuser
                                          Origin: https://accounts.google.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Site: same-site
                                          Sec-Fetch-Dest: empty
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:07 UTC | 520 | IN | HTTP/1.1 200 OK
                                          Access-Control-Allow-Origin: https://accounts.google.com
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Max-Age: 86400
                                          Access-Control-Allow-Credentials: true
                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                          Content-Type: text/plain; charset=UTF-8
                                          Date: Fri, 06 Sep 2024 00:57:07 GMT
                                          Server: Playlog
                                          Content-Length: 0
                                          X-XSS-Protection: 0
                                          X-Frame-Options: SAMEORIGIN
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          20 | 192.168.2.5 | 49771 | 152.195.19.97 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:07 UTC | 614 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726189021&P2=404&P3=2&P4=cuu4LuQW67mmtsoGoifoRCHKfCF3iJEUzcVHUPZFbxXYc68P3R5nDW6jOSb9Ar78dUIGfJ%2fE6HGRILVWw4ZfsQ%3d%3d HTTP/1.1
                                          Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                          Connection: keep-alive
                                          MS-CV: ghk2GscBZESRb7lDDP1AIJ
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:07 UTC | 632 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Age: 5510758
                                          Cache-Control: public, max-age=17280000
                                          Content-Type: application/x-chrome-extension
                                          Date: Fri, 06 Sep 2024 00:57:07 GMT
                                          Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                          Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                          MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                          MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                          MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                          Server: ECAcc (nyd/D11E)
                                          X-AspNet-Version: 4.0.30319
                                          X-AspNetMvc-Version: 5.3
                                          X-Cache: HIT
                                          X-CCC: US
                                          X-CID: 11
                                          X-Powered-By: ASP.NET
                                          X-Powered-By: ARR/3.0
                                          X-Powered-By: ASP.NET
                                          Content-Length: 11185
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          21 | 192.168.2.5 | 49776 | 142.251.40.228 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:08 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: www.google.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-arch: "x86"
                                          sec-ch-ua-full-version: "117.0.5938.132"
                                          sec-ch-ua-platform-version: "10.0.0"
                                          sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                          sec-ch-ua-bitness: "64"
                                          sec-ch-ua-model: ""
                                          sec-ch-ua-wow64: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:08 UTC | 704 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                          Content-Length: 5430
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Date: Fri, 06 Sep 2024 00:47:42 GMT
                                          Expires: Sat, 14 Sep 2024 00:47:42 GMT
                                          Cache-Control: public, max-age=691200
                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                          Content-Type: image/x-icon
                                          Vary: Accept-Encoding
                                          Age: 566
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          22 | 192.168.2.5 | 49780 | 13.107.246.40 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:09 UTC | 478 | OUT | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Edge-Asset-Group: ProductCategories
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:57:10 UTC | 559 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 06 Sep 2024 00:57:09 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 82989
                                          Connection: close
                                          Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                          ETag: 0x8DB5D5E89CE25EB
                                          x-ms-request-id: f9285315-801e-0010-24d3-ff5ee1000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240906T005709Z-16579567576s4v5z9ks8mdk6fw0000000d0000000000nbe4
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          X-Cache-Info: L1_T2
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          23 | 192.168.2.5 | 49784 | 20.12.23.50 | 443 | |
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:13 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=31bSVLr+77uPPY2&MD=fC1eX54p HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                          Host: slscr.update.microsoft.com
                                          2024-09-06 00:57:14 UTC | 560 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Content-Type: application/octet-stream
                                          Expires: -1
                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                          MS-CorrelationId: 651a2507-3d2b-413a-815a-10e897451700
                                          MS-RequestId: 9983f4fd-7e99-4145-9ff3-4a6b363cfae4
                                          MS-CV: GLGs3iHkCUS0u2vj.0
                                          X-Microsoft-SLSClientCache: 2880
                                          Content-Disposition: attachment; filename=environment.cab
                                          X-Content-Type-Options: nosniff
                                          Date: Fri, 06 Sep 2024 00:57:13 GMT
                                          Connection: close
                                          Content-Length: 24490


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          24 | 192.168.2.5 | 49812 | 13.85.23.86 | 443 | |
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:57:52 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=31bSVLr+77uPPY2&MD=fC1eX54p HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                          Host: slscr.update.microsoft.com
                                          2024-09-06 00:57:52 UTC | 560 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Content-Type: application/octet-stream
                                          Expires: -1
                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                          MS-CorrelationId: 151bd612-6d56-4467-86de-aa406772cba5
                                          MS-RequestId: 33bf51c5-625f-44a3-8a97-494b4359d9d8
                                          MS-CV: xsrcsjV0O0e0Uip6.0
                                          X-Microsoft-SLSClientCache: 1440
                                          Content-Disposition: attachment; filename=environment.cab
                                          X-Content-Type-Options: nosniff
                                          Date: Fri, 06 Sep 2024 00:57:52 GMT
                                          Connection: close
                                          Content-Length: 30005


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          25 | 192.168.2.5 | 49815 | 23.219.161.132 | 443 | 7788 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-06 00:58:01 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                          Host: bzib.nelreports.net
                                          Connection: keep-alive
                                          Origin: https://business.bing.com
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: content-type
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-06 00:58:01 UTC | 332 | IN | HTTP/1.1 429 Too Many Requests
                                          Content-Length: 0
                                          Date: Fri, 06 Sep 2024 00:58:01 GMT
                                          Connection: close
                                          PMUSER_FORMAT_QS:
                                          X-CDN-TraceId: 0.84112317.1725584281.1951306b
                                          Access-Control-Allow-Credentials: false
                                          Access-Control-Allow-Methods: *
                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                          Access-Control-Allow-Origin: *


                                          Target ID:0
                                          Start time:20:56:54
                                          Start date:05/09/2024
                                          Path:C:\Users\user\Desktop\file.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                          Imagebase:0x410000
                                          File size:917'504 bytes
                                          MD5 hash:4A647AA681909BC4BE4A392F39383151
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:2
                                          Start time:20:56:54
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:3
                                          Start time:20:56:54
                                          Start date:05/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:4
                                          Start time:20:56:55
                                          Start date:05/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:5
                                          Start time:20:56:55
                                          Start date:05/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:7
                                          Start time:20:56:55
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2060,i,17076175599075720991,7422890350535522700,262144 /prefetch:3
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:8
                                          Start time:20:56:56
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          Target ID:9
                                          Start time:20:56:57
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:3
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          Target ID:10
                                          Start time:20:56:58
                                          Start date:05/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2244 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2116 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2f2822-d049-49fd-9d89-c0f5ef0b73ee} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b08e76db10 socket
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:13
                                          Start time:20:57:00
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6436 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:14
                                          Start time:20:57:00
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:15
                                          Start time:20:57:02
                                          Start date:05/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4056 -prefMapHandle 4120 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56a5236f-e9ee-498d-ab3d-fb1a1a1555fb} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b0a255a510 rdd
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:16
                                          Start time:20:57:05
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7776 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:17
                                          Start time:20:57:06
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7760 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:18
                                          Start time:20:57:07
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7644 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:20
                                          Start time:20:57:19
                                          Start date:05/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3760 -prefMapHandle 5300 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71daa235-9cd0-4136-9f2e-7997fc5664fd} 4668 "\\.\pipe\gecko-crash-server-pipe.4668" 1b0ac0e0110 utility
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:22
                                          Start time:20:57:57
                                          Start date:05/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7908 --field-trial-handle=3108,i,3719265507812628728,11744062080535302064,262144 /prefetch:8
                                          Imagebase:0x7ff6c1cf0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                            Execution Graph

                                            Execution Coverage:2%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:7.1%
                                            Total number of Nodes:1429
                                            Total number of Limit Nodes:37
95337 4144a8 95316->95337 95320 451f50 __wsopen_s 95319->95320 95321 412db2 GetLongPathNameW 95320->95321 95322 416b57 22 API calls 95321->95322 95323 412dda 95322->95323 95324 413598 95323->95324 95366 41a961 95324->95366 95327 413aa2 23 API calls 95328 4135b5 95327->95328 95329 4135c0 95328->95329 95333 4532eb 95328->95333 95371 41515f 95329->95371 95335 45330d 95333->95335 95383 42ce60 41 API calls 95333->95383 95336 4135df 95336->95316 95384 414ecb 95337->95384 95340 453833 95406 482cf9 95340->95406 95341 414ecb 94 API calls 95344 4144e1 95341->95344 95343 453848 95345 45384c 95343->95345 95346 453869 95343->95346 95344->95340 95347 4144e9 95344->95347 95433 414f39 95345->95433 95349 42fe0b 22 API calls 95346->95349 95350 453854 95347->95350 95351 4144f5 95347->95351 95362 4538ae 95349->95362 95439 47da5a 82 API calls 95350->95439 95432 41940c 136 API calls 2 library calls 95351->95432 95354 453862 95354->95346 95355 412e31 95356 414f39 68 API calls 95359 453a5f 95356->95359 95359->95356 95445 47989b 82 API calls __wsopen_s 95359->95445 95362->95359 95363 419cb3 22 API calls 95362->95363 95440 47967e 22 API calls __fread_nolock 95362->95440 95441 4795ad 42 API calls _wcslen 95362->95441 95442 480b5a 22 API calls 95362->95442 95443 41a4a1 22 API calls __fread_nolock 95362->95443 95444 413ff7 22 API calls 95362->95444 95363->95362 95367 42fe0b 22 API calls 95366->95367 95368 41a976 95367->95368 95369 42fddb 22 API calls 95368->95369 95370 4135aa 95369->95370 95370->95327 95372 41516e 95371->95372 95376 41518f __fread_nolock 95371->95376 95374 42fe0b 22 API calls 95372->95374 95373 42fddb 22 API calls 95375 4135cc 95373->95375 95374->95376 95377 4135f3 95375->95377 95376->95373 95378 413605 95377->95378 95382 413624 __fread_nolock 95377->95382 95380 42fe0b 22 API calls 95378->95380 95379 42fddb 22 API calls 95381 41363b 95379->95381 95380->95382 95381->95336 95382->95379 95383->95333 95446 414e90 LoadLibraryA 95384->95446 95389 414ef6 LoadLibraryExW 95454 414e59 
LoadLibraryA 95389->95454 95390 453ccf 95391 414f39 68 API calls 95390->95391 95393 453cd6 95391->95393 95395 414e59 3 API calls 95393->95395 95397 453cde 95395->95397 95476 4150f5 95397->95476 95398 414f20 95398->95397 95399 414f2c 95398->95399 95401 414f39 68 API calls 95399->95401 95403 4144cd 95401->95403 95403->95340 95403->95341 95405 453d05 95407 482d15 95406->95407 95408 41511f 64 API calls 95407->95408 95409 482d29 95408->95409 95626 482e66 95409->95626 95412 4150f5 40 API calls 95413 482d56 95412->95413 95414 4150f5 40 API calls 95413->95414 95415 482d66 95414->95415 95416 4150f5 40 API calls 95415->95416 95417 482d81 95416->95417 95418 4150f5 40 API calls 95417->95418 95419 482d9c 95418->95419 95420 41511f 64 API calls 95419->95420 95421 482db3 95420->95421 95422 43ea0c ___std_exception_copy 21 API calls 95421->95422 95423 482dba 95422->95423 95424 43ea0c ___std_exception_copy 21 API calls 95423->95424 95425 482dc4 95424->95425 95426 4150f5 40 API calls 95425->95426 95427 482dd8 95426->95427 95428 4828fe 27 API calls 95427->95428 95430 482dee 95428->95430 95429 482d3f 95429->95343 95430->95429 95632 4822ce 79 API calls 95430->95632 95432->95355 95434 414f43 95433->95434 95435 414f4a 95433->95435 95633 43e678 95434->95633 95437 414f59 95435->95437 95438 414f6a FreeLibrary 95435->95438 95437->95350 95438->95437 95439->95354 95440->95362 95441->95362 95442->95362 95443->95362 95444->95362 95445->95359 95447 414ec6 95446->95447 95448 414ea8 GetProcAddress 95446->95448 95451 43e5eb 95447->95451 95449 414eb8 95448->95449 95449->95447 95450 414ebf FreeLibrary 95449->95450 95450->95447 95484 43e52a 95451->95484 95453 414eea 95453->95389 95453->95390 95455 414e8d 95454->95455 95456 414e6e GetProcAddress 95454->95456 95459 414f80 95455->95459 95457 414e7e 95456->95457 95457->95455 95458 414e86 FreeLibrary 95457->95458 95458->95455 95460 42fe0b 22 API calls 95459->95460 95461 414f95 95460->95461 95552 415722 95461->95552 95463 414fa1 __fread_nolock 95464 4150a5 
95463->95464 95465 453d1d 95463->95465 95475 414fdc 95463->95475 95555 4142a2 CreateStreamOnHGlobal 95464->95555 95566 48304d 74 API calls 95465->95566 95468 453d22 95470 41511f 64 API calls 95468->95470 95469 4150f5 40 API calls 95469->95475 95471 453d45 95470->95471 95472 4150f5 40 API calls 95471->95472 95474 41506e messages 95472->95474 95474->95398 95475->95468 95475->95469 95475->95474 95561 41511f 95475->95561 95477 453d70 95476->95477 95478 415107 95476->95478 95588 43e8c4 95478->95588 95481 4828fe 95609 48274e 95481->95609 95483 482919 95483->95405 95487 43e536 BuildCatchObjectHelperInternal 95484->95487 95485 43e544 95509 43f2d9 20 API calls __dosmaperr 95485->95509 95487->95485 95489 43e574 95487->95489 95488 43e549 95510 4427ec 26 API calls pre_c_initialization 95488->95510 95491 43e586 95489->95491 95492 43e579 95489->95492 95501 448061 95491->95501 95511 43f2d9 20 API calls __dosmaperr 95492->95511 95495 43e58f 95496 43e5a2 95495->95496 95497 43e595 95495->95497 95513 43e5d4 LeaveCriticalSection __fread_nolock 95496->95513 95512 43f2d9 20 API calls __dosmaperr 95497->95512 95499 43e554 __wsopen_s 95499->95453 95502 44806d BuildCatchObjectHelperInternal 95501->95502 95514 442f5e EnterCriticalSection 95502->95514 95504 44807b 95515 4480fb 95504->95515 95508 4480ac __wsopen_s 95508->95495 95509->95488 95510->95499 95511->95499 95512->95499 95513->95499 95514->95504 95516 44811e 95515->95516 95517 448177 95516->95517 95524 448088 95516->95524 95531 43918d EnterCriticalSection 95516->95531 95532 4391a1 LeaveCriticalSection 95516->95532 95533 444c7d 95517->95533 95522 448189 95522->95524 95546 443405 11 API calls 2 library calls 95522->95546 95528 4480b7 95524->95528 95525 4481a8 95547 43918d EnterCriticalSection 95525->95547 95551 442fa6 LeaveCriticalSection 95528->95551 95530 4480be 95530->95508 95531->95516 95532->95516 95538 444c8a FindHandler 95533->95538 95534 444cca 95549 43f2d9 20 API calls __dosmaperr 95534->95549 95535 444cb5 RtlAllocateHeap 95537 
444cc8 95535->95537 95535->95538 95540 4429c8 95537->95540 95538->95534 95538->95535 95548 434ead 7 API calls 2 library calls 95538->95548 95541 4429fc __dosmaperr 95540->95541 95542 4429d3 RtlFreeHeap 95540->95542 95541->95522 95542->95541 95543 4429e8 95542->95543 95550 43f2d9 20 API calls __dosmaperr 95543->95550 95545 4429ee GetLastError 95545->95541 95546->95525 95547->95524 95548->95538 95549->95537 95550->95545 95551->95530 95553 42fddb 22 API calls 95552->95553 95554 415734 95553->95554 95554->95463 95556 4142bc FindResourceExW 95555->95556 95560 4142d9 95555->95560 95557 4535ba LoadResource 95556->95557 95556->95560 95558 4535cf SizeofResource 95557->95558 95557->95560 95559 4535e3 LockResource 95558->95559 95558->95560 95559->95560 95560->95475 95562 453d90 95561->95562 95563 41512e 95561->95563 95567 43ece3 95563->95567 95566->95468 95570 43eaaa 95567->95570 95569 41513c 95569->95475 95573 43eab6 BuildCatchObjectHelperInternal 95570->95573 95571 43eac2 95583 43f2d9 20 API calls __dosmaperr 95571->95583 95572 43eae8 95585 43918d EnterCriticalSection 95572->95585 95573->95571 95573->95572 95576 43eac7 95584 4427ec 26 API calls pre_c_initialization 95576->95584 95577 43eaf4 95586 43ec0a 62 API calls 2 library calls 95577->95586 95580 43eb08 95587 43eb27 LeaveCriticalSection __fread_nolock 95580->95587 95582 43ead2 __wsopen_s 95582->95569 95583->95576 95584->95582 95585->95577 95586->95580 95587->95582 95591 43e8e1 95588->95591 95590 415118 95590->95481 95592 43e8ed BuildCatchObjectHelperInternal 95591->95592 95593 43e92d 95592->95593 95594 43e925 __wsopen_s 95592->95594 95598 43e900 ___scrt_fastfail 95592->95598 95606 43918d EnterCriticalSection 95593->95606 95594->95590 95597 43e937 95607 43e6f8 38 API calls 4 library calls 95597->95607 95604 43f2d9 20 API calls __dosmaperr 95598->95604 95599 43e91a 95605 4427ec 26 API calls pre_c_initialization 95599->95605 95601 43e94e 95608 43e96c LeaveCriticalSection __fread_nolock 95601->95608 95604->95599 
95605->95594 95606->95597 95607->95601 95608->95594 95612 43e4e8 95609->95612 95611 48275d 95611->95483 95615 43e469 95612->95615 95614 43e505 95614->95611 95616 43e478 95615->95616 95617 43e48c 95615->95617 95623 43f2d9 20 API calls __dosmaperr 95616->95623 95621 43e488 __alldvrm 95617->95621 95625 44333f 11 API calls 2 library calls 95617->95625 95620 43e47d 95624 4427ec 26 API calls pre_c_initialization 95620->95624 95621->95614 95623->95620 95624->95621 95625->95621 95630 482e7a 95626->95630 95627 482d3b 95627->95412 95627->95429 95628 4150f5 40 API calls 95628->95630 95629 4828fe 27 API calls 95629->95630 95630->95627 95630->95628 95630->95629 95631 41511f 64 API calls 95630->95631 95631->95630 95632->95429 95634 43e684 BuildCatchObjectHelperInternal 95633->95634 95635 43e695 95634->95635 95636 43e6aa 95634->95636 95646 43f2d9 20 API calls __dosmaperr 95635->95646 95643 43e6a5 __wsopen_s 95636->95643 95648 43918d EnterCriticalSection 95636->95648 95639 43e69a 95647 4427ec 26 API calls pre_c_initialization 95639->95647 95640 43e6c6 95649 43e602 95640->95649 95643->95435 95644 43e6d1 95665 43e6ee LeaveCriticalSection __fread_nolock 95644->95665 95646->95639 95647->95643 95648->95640 95650 43e624 95649->95650 95651 43e60f 95649->95651 95656 43e61f 95650->95656 95668 43dc0b 95650->95668 95666 43f2d9 20 API calls __dosmaperr 95651->95666 95653 43e614 95667 4427ec 26 API calls pre_c_initialization 95653->95667 95656->95644 95661 43e646 95685 44862f 95661->95685 95664 4429c8 _free 20 API calls 95664->95656 95665->95643 95666->95653 95667->95656 95669 43dc23 95668->95669 95671 43dc1f 95668->95671 95670 43d955 __fread_nolock 26 API calls 95669->95670 95669->95671 95672 43dc43 95670->95672 95674 444d7a 95671->95674 95700 4459be 62 API calls 4 library calls 95672->95700 95675 43e640 95674->95675 95676 444d90 95674->95676 95678 43d955 95675->95678 95676->95675 95677 4429c8 _free 20 API calls 95676->95677 95677->95675 95679 43d961 95678->95679 95680 43d976 95678->95680 
95701 43f2d9 20 API calls __dosmaperr 95679->95701 95680->95661 95682 43d966 95702 4427ec 26 API calls pre_c_initialization 95682->95702 95684 43d971 95684->95661 95686 448653 95685->95686 95687 44863e 95685->95687 95689 44868e 95686->95689 95694 44867a 95686->95694 95703 43f2c6 20 API calls __dosmaperr 95687->95703 95708 43f2c6 20 API calls __dosmaperr 95689->95708 95690 448643 95704 43f2d9 20 API calls __dosmaperr 95690->95704 95692 448693 95709 43f2d9 20 API calls __dosmaperr 95692->95709 95705 448607 95694->95705 95697 44869b 95710 4427ec 26 API calls pre_c_initialization 95697->95710 95698 43e64c 95698->95656 95698->95664 95700->95671 95701->95682 95702->95684 95703->95690 95704->95698 95711 448585 95705->95711 95707 44862b 95707->95698 95708->95692 95709->95697 95710->95698 95712 448591 BuildCatchObjectHelperInternal 95711->95712 95722 445147 EnterCriticalSection 95712->95722 95714 44859f 95715 4485c6 95714->95715 95716 4485d1 95714->95716 95723 4486ae 95715->95723 95738 43f2d9 20 API calls __dosmaperr 95716->95738 95719 4485cc 95739 4485fb LeaveCriticalSection __wsopen_s 95719->95739 95721 4485ee __wsopen_s 95721->95707 95722->95714 95740 4453c4 95723->95740 95725 4486c4 95753 445333 21 API calls 2 library calls 95725->95753 95726 4486be 95726->95725 95728 4486f6 95726->95728 95730 4453c4 __wsopen_s 26 API calls 95726->95730 95728->95725 95731 4453c4 __wsopen_s 26 API calls 95728->95731 95729 44871c 95732 44873e 95729->95732 95754 43f2a3 20 API calls __dosmaperr 95729->95754 95733 4486ed 95730->95733 95734 448702 FindCloseChangeNotification 95731->95734 95732->95719 95737 4453c4 __wsopen_s 26 API calls 95733->95737 95734->95725 95735 44870e GetLastError 95734->95735 95735->95725 95737->95728 95738->95719 95739->95721 95741 4453e6 95740->95741 95742 4453d1 95740->95742 95746 44540b 95741->95746 95757 43f2c6 20 API calls __dosmaperr 95741->95757 95755 43f2c6 20 API calls __dosmaperr 95742->95755 95745 4453d6 95756 43f2d9 20 API calls __dosmaperr 95745->95756 
95746->95726 95747 445416 95758 43f2d9 20 API calls __dosmaperr 95747->95758 95749 4453de 95749->95726 95751 44541e 95759 4427ec 26 API calls pre_c_initialization 95751->95759 95753->95729 95754->95732 95755->95745 95756->95749 95757->95747 95758->95751 95759->95749 95760 411044 95765 4110f3 95760->95765 95762 41104a 95801 4300a3 29 API calls __onexit 95762->95801 95764 411054 95802 411398 95765->95802 95769 41116a 95770 41a961 22 API calls 95769->95770 95771 411174 95770->95771 95772 41a961 22 API calls 95771->95772 95773 41117e 95772->95773 95774 41a961 22 API calls 95773->95774 95775 411188 95774->95775 95776 41a961 22 API calls 95775->95776 95777 4111c6 95776->95777 95778 41a961 22 API calls 95777->95778 95779 411292 95778->95779 95812 41171c 95779->95812 95783 4112c4 95784 41a961 22 API calls 95783->95784 95785 4112ce 95784->95785 95833 421940 95785->95833 95787 4112f9 95843 411aab 95787->95843 95789 411315 95790 411325 GetStdHandle 95789->95790 95791 452485 95790->95791 95792 41137a 95790->95792 95791->95792 95793 45248e 95791->95793 95796 411387 OleInitialize 95792->95796 95794 42fddb 22 API calls 95793->95794 95795 452495 95794->95795 95850 48011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 95795->95850 95796->95762 95798 45249e 95851 480944 CreateThread 95798->95851 95800 4524aa CloseHandle 95800->95792 95801->95764 95852 4113f1 95802->95852 95805 4113f1 22 API calls 95806 4113d0 95805->95806 95807 41a961 22 API calls 95806->95807 95808 4113dc 95807->95808 95809 416b57 22 API calls 95808->95809 95810 411129 95809->95810 95811 411bc3 6 API calls 95810->95811 95811->95769 95813 41a961 22 API calls 95812->95813 95814 41172c 95813->95814 95815 41a961 22 API calls 95814->95815 95816 411734 95815->95816 95817 41a961 22 API calls 95816->95817 95818 41174f 95817->95818 95819 42fddb 22 API calls 95818->95819 95820 41129c 95819->95820 95821 411b4a 95820->95821 95822 411b58 95821->95822 95823 41a961 22 
API calls 95822->95823 95824 411b63 95823->95824 95825 41a961 22 API calls 95824->95825 95826 411b6e 95825->95826 95827 41a961 22 API calls 95826->95827 95828 411b79 95827->95828 95829 41a961 22 API calls 95828->95829 95830 411b84 95829->95830 95831 42fddb 22 API calls 95830->95831 95832 411b96 RegisterWindowMessageW 95831->95832 95832->95783 95834 421981 95833->95834 95840 42195d 95833->95840 95859 430242 5 API calls __Init_thread_wait 95834->95859 95836 42198b 95836->95840 95860 4301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95836->95860 95838 428727 95842 42196e 95838->95842 95862 4301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95838->95862 95840->95842 95861 430242 5 API calls __Init_thread_wait 95840->95861 95842->95787 95844 45272d 95843->95844 95845 411abb 95843->95845 95863 483209 23 API calls 95844->95863 95846 42fddb 22 API calls 95845->95846 95848 411ac3 95846->95848 95848->95789 95849 452738 95850->95798 95851->95800 95864 48092a 28 API calls 95851->95864 95853 41a961 22 API calls 95852->95853 95854 4113fc 95853->95854 95855 41a961 22 API calls 95854->95855 95856 411404 95855->95856 95857 41a961 22 API calls 95856->95857 95858 4113c6 95857->95858 95858->95805 95859->95836 95860->95840 95861->95838 95862->95842 95863->95849 95865 448402 95870 4481be 95865->95870 95868 44842a 95876 4481ef try_get_first_available_module 95870->95876 95871 448338 95875 448343 95871->95875 95888 43f2d9 20 API calls __dosmaperr 95871->95888 95873 4483ee 95889 4427ec 26 API calls pre_c_initialization 95873->95889 95875->95868 95882 450984 95875->95882 95876->95871 95885 438e0b 40 API calls 2 library calls 95876->95885 95878 44838c 95878->95871 95886 438e0b 40 API calls 2 library calls 95878->95886 95880 4483ab 95880->95871 95887 438e0b 40 API calls 2 library calls 95880->95887 95890 450081 95882->95890 95884 45099f 95884->95868 95885->95878 95886->95880 95887->95871 95888->95873 95889->95875 95893 45008d BuildCatchObjectHelperInternal 
95890->95893 95891 45009b 95948 43f2d9 20 API calls __dosmaperr 95891->95948 95893->95891 95894 4500d4 95893->95894 95901 45065b 95894->95901 95895 4500a0 95949 4427ec 26 API calls pre_c_initialization 95895->95949 95900 4500aa __wsopen_s 95900->95884 95951 45042f 95901->95951 95904 4506a6 95969 445221 95904->95969 95905 45068d 95983 43f2c6 20 API calls __dosmaperr 95905->95983 95908 4506ab 95910 4506b4 95908->95910 95911 4506cb 95908->95911 95909 450692 95984 43f2d9 20 API calls __dosmaperr 95909->95984 95985 43f2c6 20 API calls __dosmaperr 95910->95985 95982 45039a CreateFileW 95911->95982 95915 4506b9 95986 43f2d9 20 API calls __dosmaperr 95915->95986 95917 450781 GetFileType 95918 4507d3 95917->95918 95919 45078c GetLastError 95917->95919 95991 44516a 21 API calls 2 library calls 95918->95991 95989 43f2a3 20 API calls __dosmaperr 95919->95989 95920 450756 GetLastError 95988 43f2a3 20 API calls __dosmaperr 95920->95988 95922 450704 95922->95917 95922->95920 95987 45039a CreateFileW 95922->95987 95924 45079a CloseHandle 95924->95909 95926 4507c3 95924->95926 95990 43f2d9 20 API calls __dosmaperr 95926->95990 95928 450749 95928->95917 95928->95920 95930 4507f4 95932 450840 95930->95932 95992 4505ab 72 API calls 3 library calls 95930->95992 95931 4507c8 95931->95909 95936 45086d 95932->95936 95993 45014d 72 API calls 4 library calls 95932->95993 95935 450866 95935->95936 95938 45087e 95935->95938 95937 4486ae __wsopen_s 29 API calls 95936->95937 95939 4500f8 95937->95939 95938->95939 95940 4508fc CloseHandle 95938->95940 95950 450121 LeaveCriticalSection __wsopen_s 95939->95950 95994 45039a CreateFileW 95940->95994 95942 450927 95943 450931 GetLastError 95942->95943 95944 45095d 95942->95944 95995 43f2a3 20 API calls __dosmaperr 95943->95995 95944->95939 95946 45093d 95996 445333 21 API calls 2 library calls 95946->95996 95948->95895 95949->95900 95950->95900 95952 45046a 95951->95952 95953 450450 95951->95953 95997 4503bf 95952->95997 95953->95952 96004 43f2d9 20 
API calls __dosmaperr 95953->96004 95956 45045f 96005 4427ec 26 API calls pre_c_initialization 95956->96005 95958 4504a2 95959 4504d1 95958->95959 96006 43f2d9 20 API calls __dosmaperr 95958->96006 95960 450524 95959->95960 96008 43d70d 26 API calls 2 library calls 95959->96008 95960->95904 95960->95905 95963 45051f 95963->95960 95965 45059e 95963->95965 95964 4504c6 96007 4427ec 26 API calls pre_c_initialization 95964->96007 96009 4427fc 11 API calls _abort 95965->96009 95968 4505aa 95970 44522d BuildCatchObjectHelperInternal 95969->95970 96012 442f5e EnterCriticalSection 95970->96012 95972 44527b 96013 44532a 95972->96013 95974 445259 96016 445000 95974->96016 95975 4452a4 __wsopen_s 95975->95908 95978 445234 95978->95972 95978->95974 95979 4452c7 EnterCriticalSection 95978->95979 95979->95972 95981 4452d4 LeaveCriticalSection 95979->95981 95981->95978 95982->95922 95983->95909 95984->95939 95985->95915 95986->95909 95987->95928 95988->95909 95989->95924 95990->95931 95991->95930 95992->95932 95993->95935 95994->95942 95995->95946 95996->95944 95998 4503d7 95997->95998 95999 4503f2 95998->95999 96010 43f2d9 20 API calls __dosmaperr 95998->96010 95999->95958 96001 450416 96011 4427ec 26 API calls pre_c_initialization 96001->96011 96003 450421 96003->95958 96004->95956 96005->95952 96006->95964 96007->95959 96008->95963 96009->95968 96010->96001 96011->96003 96012->95978 96024 442fa6 LeaveCriticalSection 96013->96024 96015 445331 96015->95975 96017 444c7d FindHandler 20 API calls 96016->96017 96022 445012 96017->96022 96018 44501f 96019 4429c8 _free 20 API calls 96018->96019 96021 445071 96019->96021 96021->95972 96023 445147 EnterCriticalSection 96021->96023 96022->96018 96025 443405 11 API calls 2 library calls 96022->96025 96023->95972 96024->96015 96025->96022 96026 462a00 96040 41d7b0 messages 96026->96040 96027 41db11 PeekMessageW 96027->96040 96028 41d807 GetInputState 96028->96027 96028->96040 96030 461cbe TranslateAcceleratorW 96030->96040 96031 41da04 
timeGetTime 96031->96040 96032 41db73 TranslateMessage DispatchMessageW 96033 41db8f PeekMessageW 96032->96033 96033->96040 96034 41dbaf Sleep 96056 41dbc0 96034->96056 96035 462b74 Sleep 96035->96056 96036 461dda timeGetTime 96179 42e300 23 API calls 96036->96179 96037 42e551 timeGetTime 96037->96056 96040->96027 96040->96028 96040->96030 96040->96031 96040->96032 96040->96033 96040->96034 96040->96035 96040->96036 96043 41d9d5 96040->96043 96058 41dd50 96040->96058 96065 421310 96040->96065 96119 41dfd0 185 API calls 3 library calls 96040->96119 96120 41bf40 96040->96120 96178 42edf6 IsDialogMessageW GetClassLongW 96040->96178 96180 483a2a 23 API calls 96040->96180 96181 41ec40 96040->96181 96205 48359c 82 API calls __wsopen_s 96040->96205 96041 462c0b GetExitCodeProcess 96044 462c37 CloseHandle 96041->96044 96045 462c21 WaitForSingleObject 96041->96045 96044->96056 96045->96040 96045->96044 96046 462a31 96046->96043 96047 4a29bf GetForegroundWindow 96047->96056 96048 462ca9 Sleep 96048->96040 96056->96037 96056->96040 96056->96041 96056->96043 96056->96046 96056->96047 96056->96048 96206 495658 23 API calls 96056->96206 96207 47e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96056->96207 96208 47d4dc CreateToolhelp32Snapshot Process32FirstW 96056->96208 96059 41dd83 96058->96059 96060 41dd6f 96058->96060 96250 48359c 82 API calls __wsopen_s 96059->96250 96218 41d260 96060->96218 96062 41dd7a 96062->96040 96064 462f75 96064->96064 96066 4217b0 96065->96066 96067 421376 96065->96067 96272 430242 5 API calls __Init_thread_wait 96066->96272 96069 421390 96067->96069 96070 466331 96067->96070 96073 421940 9 API calls 96069->96073 96277 49709c 185 API calls 96070->96277 96072 4217ba 96075 4217fb 96072->96075 96078 419cb3 22 API calls 96072->96078 96076 4213a0 96073->96076 96074 46633d 96074->96040 96080 466346 96075->96080 96082 42182c 96075->96082 96077 421940 9 API calls 96076->96077 96079 4213b6 96077->96079 96086 4217d4 
96078->96086 96079->96075 96081 4213ec 96079->96081 96278 48359c 82 API calls __wsopen_s 96080->96278 96081->96080 96087 421408 __fread_nolock 96081->96087 96274 41aceb 23 API calls messages 96082->96274 96085 421839 96275 42d217 185 API calls 96085->96275 96273 4301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96086->96273 96087->96085 96090 46636e 96087->96090 96097 42fddb 22 API calls 96087->96097 96099 42fe0b 22 API calls 96087->96099 96104 41ec40 185 API calls 96087->96104 96105 42152f 96087->96105 96106 4663b2 96087->96106 96109 466369 96087->96109 96279 48359c 82 API calls __wsopen_s 96090->96279 96092 4663d1 96281 495745 54 API calls _wcslen 96092->96281 96093 42153c 96095 421940 9 API calls 96093->96095 96096 421549 96095->96096 96100 4664fa 96096->96100 96101 421940 9 API calls 96096->96101 96097->96087 96098 421872 96276 42faeb 23 API calls 96098->96276 96099->96087 96100->96109 96283 48359c 82 API calls __wsopen_s 96100->96283 96107 421563 96101->96107 96104->96087 96105->96092 96105->96093 96280 48359c 82 API calls __wsopen_s 96106->96280 96107->96100 96112 4215c7 messages 96107->96112 96282 41a8c7 22 API calls __fread_nolock 96107->96282 96109->96040 96111 421940 9 API calls 96111->96112 96112->96098 96112->96100 96112->96109 96112->96111 96115 42167b messages 96112->96115 96258 485c5a 96112->96258 96263 49ac5b 96112->96263 96266 49a2ea 96112->96266 96113 42171d 96113->96040 96115->96113 96271 42ce17 22 API calls messages 96115->96271 96119->96040 96348 41adf0 96120->96348 96122 41bf9d 96123 4604b6 96122->96123 96124 41bfa9 96122->96124 96367 48359c 82 API calls __wsopen_s 96123->96367 96126 4604c6 96124->96126 96127 41c01e 96124->96127 96368 48359c 82 API calls __wsopen_s 96126->96368 96353 41ac91 96127->96353 96130 477120 22 API calls 96148 41c039 __fread_nolock messages 96130->96148 96131 41c7da 96135 42fe0b 22 API calls 96131->96135 96140 41c808 __fread_nolock 96135->96140 96137 4604f5 96141 46055a 96137->96141 96369 42d217 185 
API calls 96137->96369 96144 42fe0b 22 API calls 96140->96144 96165 41c603 96141->96165 96370 48359c 82 API calls __wsopen_s 96141->96370 96142 41ec40 185 API calls 96142->96148 96143 46091a 96380 483209 23 API calls 96143->96380 96176 41c350 __fread_nolock messages 96144->96176 96145 41af8a 22 API calls 96145->96148 96148->96130 96148->96131 96148->96137 96148->96140 96148->96141 96148->96142 96148->96143 96148->96145 96149 4608a5 96148->96149 96153 460591 96148->96153 96154 4608f6 96148->96154 96159 41bbe0 40 API calls 96148->96159 96161 42fddb 22 API calls 96148->96161 96163 41c237 96148->96163 96148->96165 96171 4609bf 96148->96171 96175 42fe0b 22 API calls 96148->96175 96357 41ad81 96148->96357 96372 477099 22 API calls __fread_nolock 96148->96372 96373 495745 54 API calls _wcslen 96148->96373 96374 42aa42 22 API calls messages 96148->96374 96375 47f05c 40 API calls 96148->96375 96376 41a993 41 API calls 96148->96376 96377 41aceb 23 API calls messages 96148->96377 96150 41ec40 185 API calls 96149->96150 96152 4608cf 96150->96152 96152->96165 96378 41a81b 41 API calls 96152->96378 96371 48359c 82 API calls __wsopen_s 96153->96371 96379 48359c 82 API calls __wsopen_s 96154->96379 96159->96148 96161->96148 96162 41c253 96166 460976 96162->96166 96169 41c297 messages 96162->96169 96163->96162 96381 41a8c7 22 API calls __fread_nolock 96163->96381 96165->96040 96382 41aceb 23 API calls messages 96166->96382 96169->96171 96364 41aceb 23 API calls messages 96169->96364 96171->96165 96383 48359c 82 API calls __wsopen_s 96171->96383 96172 41c335 96172->96171 96173 41c342 96172->96173 96365 41a704 22 API calls messages 96173->96365 96175->96148 96177 41c3ac 96176->96177 96366 42ce17 22 API calls messages 96176->96366 96177->96040 96178->96040 96179->96040 96180->96040 96203 41ec76 messages 96181->96203 96182 4301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96182->96203 96184 41fef7 96198 41ed9d messages 96184->96198 96396 41a8c7 
22 API calls __fread_nolock 96184->96396 96186 42fddb 22 API calls 96186->96203 96187 464b0b 96398 48359c 82 API calls __wsopen_s 96187->96398 96188 464600 96188->96198 96395 41a8c7 22 API calls __fread_nolock 96188->96395 96192 430242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96192->96203 96193 41a8c7 22 API calls 96193->96203 96196 41fbe3 96196->96198 96200 464bdc 96196->96200 96204 41f3ae messages 96196->96204 96197 41a961 22 API calls 96197->96203 96198->96040 96199 4300a3 29 API calls pre_c_initialization 96199->96203 96399 48359c 82 API calls __wsopen_s 96200->96399 96202 464beb 96400 48359c 82 API calls __wsopen_s 96202->96400 96203->96182 96203->96184 96203->96186 96203->96187 96203->96188 96203->96192 96203->96193 96203->96196 96203->96197 96203->96198 96203->96199 96203->96202 96203->96204 96393 4201e0 185 API calls 2 library calls 96203->96393 96394 4206a0 41 API calls messages 96203->96394 96204->96198 96397 48359c 82 API calls __wsopen_s 96204->96397 96205->96040 96206->96056 96207->96056 96401 47def7 96208->96401 96210 47d5db FindCloseChangeNotification 96210->96056 96211 47d529 Process32NextW 96211->96210 96213 47d522 96211->96213 96212 41a961 22 API calls 96212->96213 96213->96210 96213->96211 96213->96212 96214 419cb3 22 API calls 96213->96214 96407 41525f 22 API calls 96213->96407 96408 416350 22 API calls 96213->96408 96409 42ce60 41 API calls 96213->96409 96214->96213 96219 41ec40 185 API calls 96218->96219 96220 41d29d 96219->96220 96221 41d30b messages 96220->96221 96222 41d6d5 96220->96222 96223 461bc4 96220->96223 96225 41d3c3 96220->96225 96231 41d4b8 96220->96231 96234 42fddb 22 API calls 96220->96234 96245 41d429 __fread_nolock messages 96220->96245 96221->96062 96222->96221 96235 42fe0b 22 API calls 96222->96235 96257 48359c 82 API calls __wsopen_s 96223->96257 96225->96222 96226 41d3ce 96225->96226 96228 42fddb 22 API calls 96226->96228 96227 41d5ff 96229 461bb5 

                                            Control-flow Graph

                                            APIs
                                            • GetVersionExW.KERNEL32(?), ref: 0041430D
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            • GetCurrentProcess.KERNEL32(?,004ACB64,00000000,?,?), ref: 00414422
                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00414429
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00414454
                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00414466
                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00414474
                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0041447B
                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 004144A0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                            • API String ID: 3290436268-3101561225
                                            • Opcode ID: aaf28ca9ac9dff68355ec1cf01acc6150346ab212075de34b17506de4523a9e2
                                            • Instruction ID: 5bd0a10c115b8233cb2554a713b1d08cb2f7d6e949969e7e1139dd94e7fea33c
                                            • Opcode Fuzzy Hash: aaf28ca9ac9dff68355ec1cf01acc6150346ab212075de34b17506de4523a9e2
                                            • Instruction Fuzzy Hash: 6AA1C27198A2D0CFE711CB6978C05D97FA46B66741B0848FADC819BB33D2384959CB3E

                                            Control-flow Graph

                                            APIs
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,004150AA,?,?,00000000,00000000), ref: 004142B2
                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,004150AA,?,?,00000000,00000000), ref: 004142C9
                                            • LoadResource.KERNEL32(?,00000000,?,?,004150AA,?,?,00000000,00000000,?,?,?,?,?,?,00414F20), ref: 004535BE
                                            • SizeofResource.KERNEL32(?,00000000,?,?,004150AA,?,?,00000000,00000000,?,?,?,?,?,?,00414F20), ref: 004535D3
                                            • LockResource.KERNEL32(004150AA,?,?,004150AA,?,?,00000000,00000000,?,?,?,?,?,?,00414F20,?), ref: 004535E6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                            • String ID: SCRIPT
                                            • API String ID: 3051347437-3967369404
                                            • Opcode ID: 746cf777421605f4214d5d84872288f6da5fa601163c1849baf0c5c19e0d5c78
                                            • Instruction ID: 64b352aa6eec582408cddc42f2d7f946e43335457cb45514df6342ae0d7497fa
                                            • Opcode Fuzzy Hash: 746cf777421605f4214d5d84872288f6da5fa601163c1849baf0c5c19e0d5c78
                                            • Instruction Fuzzy Hash: 4E118E71600700BFD7218B65DC88FA77BBAEBC6B91F2041AEF402D6290DB71DC408675

                                            Control-flow Graph

                                            APIs
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00412B6B
                                              • Part of subcall function 00413A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,004E1418,?,00412E7F,?,?,?,00000000), ref: 00413A78
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,004D2224), ref: 00452C10
                                            • ShellExecuteW.SHELL32(00000000,?,?,004D2224), ref: 00452C17
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                            • String ID: runas
                                            • API String ID: 448630720-4000483414
                                            • Opcode ID: adc9694af30804778cb0f32cd20c049f26a85de0057f438f61f20be7b8d1c523
                                            • Instruction ID: ad4ded320dad4d48f974248dad2d2636c224a195f8523edf24c567d04a517595
                                            • Opcode Fuzzy Hash: adc9694af30804778cb0f32cd20c049f26a85de0057f438f61f20be7b8d1c523
                                            • Instruction Fuzzy Hash: B411D2312483456AC704FF21D9A19FE7BA4AB9175AF04142FF582421A3CF7C9A9AC71E

                                            Control-flow Graph

                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0047D501
                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0047D50F
                                            • Process32NextW.KERNEL32(00000000,?), ref: 0047D52F
                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 0047D5DC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                            • String ID:
                                            • API String ID: 3243318325-0

                                            Control-flow Graph

                                            APIs
                                            • lstrlenW.KERNEL32(?,00455222), ref: 0047DBCE
                                            • GetFileAttributesW.KERNEL32(?), ref: 0047DBDD
                                            • FindFirstFileW.KERNEL32(?,?), ref: 0047DBEE
                                            • FindClose.KERNEL32(00000000), ref: 0047DBFA
                                            Similarity
                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                            • String ID:
                                            • API String ID: 2695905019-0
                                            APIs
                                            • GetCurrentProcess.KERNEL32(004428E9,?,00434CBE,004428E9,004D88B8,0000000C,00434E15,004428E9,00000002,00000000,?,004428E9), ref: 00434D09
                                            • TerminateProcess.KERNEL32(00000000,?,00434CBE,004428E9,004D88B8,0000000C,00434E15,004428E9,00000002,00000000,?,004428E9), ref: 00434D10
                                            • ExitProcess.KERNEL32 ref: 00434D22
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            Strings
                                            Similarity
                                            • API ID: BuffCharUpper
                                            • String ID: p#N
                                            • API String ID: 3964851224-2222828212
                                            APIs
                                            • GetInputState.USER32 ref: 0041D807
                                            • timeGetTime.WINMM ref: 0041DA07
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041DB28
                                            • TranslateMessage.USER32(?), ref: 0041DB7B
                                            • DispatchMessageW.USER32(?), ref: 0041DB89
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041DB9F
                                            • Sleep.KERNEL32(0000000A), ref: 0041DBB1
                                            Similarity
                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                            • String ID:
                                            • API String ID: 2189390790-0

                                            Control-flow Graph

                                            APIs
                                            • GetSysColorBrush.USER32(0000000F), ref: 00412D07
                                            • RegisterClassExW.USER32(00000030), ref: 00412D31
                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00412D42
                                            • InitCommonControlsEx.COMCTL32(?), ref: 00412D5F
                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00412D6F
                                            • LoadIconW.USER32(000000A9), ref: 00412D85
                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00412D94
                                            Strings
                                            Similarity
                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                            • API String ID: 2914291525-1005189915

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 0045039A: CreateFileW.KERNEL32(00000000,00000000,?,00450704,?,?,00000000,?,00450704,00000000,0000000C), ref: 004503B7
                                            • GetLastError.KERNEL32 ref: 0045076F
                                            • __dosmaperr.LIBCMT ref: 00450776
                                            • GetFileType.KERNEL32(00000000), ref: 00450782
                                            • GetLastError.KERNEL32 ref: 0045078C
                                            • __dosmaperr.LIBCMT ref: 00450795
                                            • CloseHandle.KERNEL32(00000000), ref: 004507B5
                                            • CloseHandle.KERNEL32(?), ref: 004508FF
                                            • GetLastError.KERNEL32 ref: 00450931
                                            • __dosmaperr.LIBCMT ref: 00450938
                                            Strings
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                            • String ID: H
                                            • API String ID: 4237864984-2852464175

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 00413A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,004E1418,?,00412E7F,?,?,?,00000000), ref: 00413A78
                                              • Part of subcall function 00413357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00413379
                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0041356A
                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0045318D
                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 004531CE
                                            • RegCloseKey.ADVAPI32(?), ref: 00453210
                                            • _wcslen.LIBCMT ref: 00453277
                                            • _wcslen.LIBCMT ref: 00453286
                                            Strings
                                            Similarity
                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                            • API String ID: 98802146-2727554177

                                            Control-flow Graph

                                            APIs
                                            • GetSysColorBrush.USER32(0000000F), ref: 00412B8E
                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00412B9D
                                            • LoadIconW.USER32(00000063), ref: 00412BB3
                                            • LoadIconW.USER32(000000A4), ref: 00412BC5
                                            • LoadIconW.USER32(000000A2), ref: 00412BD7
                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00412BEF
                                            • RegisterClassExW.USER32(?), ref: 00412C40
                                              • Part of subcall function 00412CD4: GetSysColorBrush.USER32(0000000F), ref: 00412D07
                                              • Part of subcall function 00412CD4: RegisterClassExW.USER32(00000030), ref: 00412D31
                                              • Part of subcall function 00412CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00412D42
                                              • Part of subcall function 00412CD4: InitCommonControlsEx.COMCTL32(?), ref: 00412D5F
                                              • Part of subcall function 00412CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00412D6F
                                              • Part of subcall function 00412CD4: LoadIconW.USER32(000000A9), ref: 00412D85
                                              • Part of subcall function 00412CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00412D94
                                            Strings
                                            Similarity
                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                            • String ID: #$0$AutoIt v3
                                            • API String ID: 423443420-4155596026

                                            Control-flow Graph

                                            APIs
                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0041316A,?,?), ref: 004131D8
                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0041316A,?,?), ref: 00413204
                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00413227
                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0041316A,?,?), ref: 00413232
                                            • CreatePopupMenu.USER32 ref: 00413246
                                            • PostQuitMessage.USER32(00000000), ref: 00413267
                                            Strings
                                            Similarity
                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                            • String ID: TaskbarCreated
                                            • API String ID: 129472671-2362178303

                                            Control-flow Graph

                                            APIs
                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00411459
                                            • OleUninitialize.OLE32(?,00000000), ref: 004114F8
                                            • UnregisterHotKey.USER32(?), ref: 004116DD
                                            • DestroyWindow.USER32(?), ref: 004524B9
                                            • FreeLibrary.KERNEL32(?), ref: 0045251E
                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0045254B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                            • String ID: close all
                                            • API String ID: 469580280-3243417748

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 648 412c63-412cd3 CreateWindowExW * 2 ShowWindow * 2
                                            APIs
                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00412C91
                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00412CB2
                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00411CAD,?), ref: 00412CC6
                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00411CAD,?), ref: 00412CCF
                                            Strings
                                            Similarity
                                            • API ID: Window$CreateShow
                                            • String ID: AutoIt v3$edit
                                            • API String ID: 1584632944-3779509399

                                            APIs
                                            • ShellExecuteExW.SHELL32(0000003C), ref: 0049AEA3
                                              • Part of subcall function 00417620: _wcslen.LIBCMT ref: 00417625
                                            • GetProcessId.KERNEL32(00000000), ref: 0049AF38
                                            • CloseHandle.KERNEL32(00000000), ref: 0049AF67
                                            Strings
                                            Similarity
                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                            • String ID: <$@
                                            • API String ID: 146682121-1426351568

                                            APIs
                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00413B0F,SwapMouseButtons,00000004,?), ref: 00413B40
                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00413B0F,SwapMouseButtons,00000004,?), ref: 00413B61
                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00413B0F,SwapMouseButtons,00000004,?), ref: 00413B83
                                            Strings
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID: Control Panel\Mouse
                                            • API String ID: 3677997916-824357125
                                            APIs
                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 004533A2
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00413A04
                                            Strings
                                            Similarity
                                            • API ID: IconLoadNotifyShell_String_wcslen
                                            • String ID: Line:
                                            • API String ID: 2289894680-1585850449
                                            APIs
                                            • GetOpenFileNameW.COMDLG32(?), ref: 00452C8C
                                              • Part of subcall function 00413AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00413A97,?,?,00412E7F,?,?,?,00000000), ref: 00413AC2
                                              • Part of subcall function 00412DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00412DC4
                                            Strings
                                            Similarity
                                            • API ID: Name$Path$FileFullLongOpen
                                            • String ID: X$`eM
                                            • API String ID: 779396738-3105956497
                                            APIs
                                              • Part of subcall function 00411BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00411BF4
                                              • Part of subcall function 00411BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00411BFC
                                              • Part of subcall function 00411BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00411C07
                                              • Part of subcall function 00411BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00411C12
                                              • Part of subcall function 00411BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00411C1A
                                              • Part of subcall function 00411BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00411C22
                                              • Part of subcall function 00411B4A: RegisterWindowMessageW.USER32(00000004,?,004112C4), ref: 00411BA2
                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0041136A
                                            • OleInitialize.OLE32 ref: 00411388
                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 004524AB
                                            Similarity
                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                            • String ID:
                                            • API String ID: 1986988660-0
                                            APIs
                                            • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,004485CC,?,004D8CC8,0000000C), ref: 00448704
                                            • GetLastError.KERNEL32(?,004485CC,?,004D8CC8,0000000C), ref: 0044870E
                                            • __dosmaperr.LIBCMT ref: 00448739
                                            Similarity
                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                            • String ID:
                                            • API String ID: 490808831-0
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 004217F6
                                            Strings
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: CALL
                                            • API String ID: 1385522511-4196123274
                                            APIs
                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00413908
                                            Similarity
                                            • API ID: IconNotifyShell_
                                            • String ID:
                                            • API String ID: 1144537725-0
                                            APIs
                                              • Part of subcall function 00414E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00414EDD,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414E9C
                                              • Part of subcall function 00414E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00414EAE
                                              • Part of subcall function 00414E90: FreeLibrary.KERNEL32(00000000,?,?,00414EDD,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414EC0
                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414EFD
                                              • Part of subcall function 00414E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00453CDE,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414E62
                                              • Part of subcall function 00414E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00414E74
                                              • Part of subcall function 00414E59: FreeLibrary.KERNEL32(00000000,?,?,00453CDE,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414E87
                                            Similarity
                                            • API ID: Library$Load$AddressFreeProc
                                            • String ID:
                                            • API String ID: 2632591731-0
                                            APIs
                                            Similarity
                                            • API ID: __wsopen_s
                                            • String ID:
                                            • API String ID: 3347428461-0
                                            APIs
                                              • Part of subcall function 00444C7D: RtlAllocateHeap.NTDLL(00000008,00411129,00000000,?,00442E29,00000001,00000364,?,?,?,0043F2DE,00443863,004E1444,?,0042FDF5,?), ref: 00444CBE
                                            • _free.LIBCMT ref: 0044506C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: AllocateHeap_free
                                            • String ID:
                                            • API String ID: 614378929-0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000008,00411129,00000000,?,00442E29,00000001,00000364,?,?,?,0043F2DE,00443863,004E1444,?,0042FDF5,?), ref: 00444CBE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,?,004E1444,?,0042FDF5,?,?,0041A976,00000010,004E1440,004113FC,?,004113C6,?,00411129), ref: 00443852
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            APIs
                                            • FreeLibrary.KERNEL32(?,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414F6D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0041314E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: IconNotifyShell_
                                            • String ID:
                                            • API String ID: 1144537725-0
                                            APIs
                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00412DC4
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: LongNamePath_wcslen
                                            • String ID:
                                            • API String ID: 541455249-0
                                            APIs
                                              • Part of subcall function 00413837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00413908
                                              • Part of subcall function 0041D730: GetInputState.USER32 ref: 0041D807
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00412B6B
                                              • Part of subcall function 004130F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0041314E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                            • String ID:
                                            • API String ID: 3667716007-0
                                            APIs
                                            • CreateFileW.KERNEL32(00000000,00000000,?,00450704,?,?,00000000,?,00450704,00000000,0000000C), ref: 004503B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00411CBC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: InfoParametersSystem
                                            • String ID:
                                            • API String ID: 3098949447-0
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 004A961A
                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 004A965B
                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 004A969F
                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004A96C9
                                            • SendMessageW.USER32 ref: 004A96F2
                                            • GetKeyState.USER32(00000011), ref: 004A978B
                                            • GetKeyState.USER32(00000009), ref: 004A9798
                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 004A97AE
                                            • GetKeyState.USER32(00000010), ref: 004A97B8
                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004A97E9
                                            • SendMessageW.USER32 ref: 004A9810
                                            • SendMessageW.USER32(?,00001030,?,004A7E95), ref: 004A9918
                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 004A992E
                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 004A9941
                                            • SetCapture.USER32(?), ref: 004A994A
                                            • ClientToScreen.USER32(?,?), ref: 004A99AF
                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 004A99BC
                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004A99D6
                                            • ReleaseCapture.USER32 ref: 004A99E1
                                            • GetCursorPos.USER32(?), ref: 004A9A19
                                            • ScreenToClient.USER32(?,?), ref: 004A9A26
                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 004A9A80
                                            • SendMessageW.USER32 ref: 004A9AAE
                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 004A9AEB
                                            • SendMessageW.USER32 ref: 004A9B1A
                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 004A9B3B
                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 004A9B4A
                                            • GetCursorPos.USER32(?), ref: 004A9B68
                                            • ScreenToClient.USER32(?,?), ref: 004A9B75
                                            • GetParent.USER32(?), ref: 004A9B93
                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 004A9BFA
                                            • SendMessageW.USER32 ref: 004A9C2B
                                            • ClientToScreen.USER32(?,?), ref: 004A9C84
                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 004A9CB4
                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 004A9CDE
                                            • SendMessageW.USER32 ref: 004A9D01
                                            • ClientToScreen.USER32(?,?), ref: 004A9D4E
                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 004A9D82
                                              • Part of subcall function 00429944: GetWindowLongW.USER32(?,000000EB), ref: 00429952
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A9E05
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                            • String ID: @GUI_DRAGID$F$p#N
                                            • API String ID: 3429851547-2054023450
                                            APIs
                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 004A48F3
                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 004A4908
                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 004A4927
                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 004A494B
                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 004A495C
                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 004A497B
                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 004A49AE
                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 004A49D4
                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 004A4A0F
                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 004A4A56
                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 004A4A7E
                                            • IsMenu.USER32(?), ref: 004A4A97
                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004A4AF2
                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004A4B20
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A4B94
                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 004A4BE3
                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 004A4C82
                                            • wsprintfW.USER32 ref: 004A4CAE
                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 004A4CC9
                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 004A4CF1
                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 004A4D13
                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 004A4D33
                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 004A4D5A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                            • String ID: %d/%02d/%02d
                                            • API String ID: 4054740463-328681919
                                            • Opcode ID: 831bbe782fddd53915d68ab6d12a48bdfeed1c4b838ca2b70fbe564aeaf992eb
                                            • Instruction ID: d4e54a8277d1ec3bdc5d3dffb94d56975de19d66760bfbbcc03ba14aa7d86c4f
                                            • Opcode Fuzzy Hash: 831bbe782fddd53915d68ab6d12a48bdfeed1c4b838ca2b70fbe564aeaf992eb
                                            • Instruction Fuzzy Hash: D812D171600214AFEB258F24DC49FAF7BF8AFD6314F10412AF515EA2E1DBB89941CB58
                                            APIs
                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0042F998
                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0046F474
                                            • IsIconic.USER32(00000000), ref: 0046F47D
                                            • ShowWindow.USER32(00000000,00000009), ref: 0046F48A
                                            • SetForegroundWindow.USER32(00000000), ref: 0046F494
                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0046F4AA
                                            • GetCurrentThreadId.KERNEL32 ref: 0046F4B1
                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0046F4BD
                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0046F4CE
                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0046F4D6
                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0046F4DE
                                            • SetForegroundWindow.USER32(00000000), ref: 0046F4E1
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0046F4F6
                                            • keybd_event.USER32(00000012,00000000), ref: 0046F501
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0046F50B
                                            • keybd_event.USER32(00000012,00000000), ref: 0046F510
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0046F519
                                            • keybd_event.USER32(00000012,00000000), ref: 0046F51E
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0046F528
                                            • keybd_event.USER32(00000012,00000000), ref: 0046F52D
                                            • SetForegroundWindow.USER32(00000000), ref: 0046F530
                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0046F557
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                            • String ID: Shell_TrayWnd
                                            • API String ID: 4125248594-2988720461
                                            • Opcode ID: 2b396dec389d5808e26e17054d6bf84b8e6eb8f18ddd4c07db2f3a4fc30e717a
                                            • Instruction ID: 6f0a8fd8c16c7855d3511cfa0acd8bab40b8d326641864457239685d22461f6e
                                            • Opcode Fuzzy Hash: 2b396dec389d5808e26e17054d6bf84b8e6eb8f18ddd4c07db2f3a4fc30e717a
                                            • Instruction Fuzzy Hash: 77315471B40328BFEB206BB55C8AFBF7E6CEB45B50F100076F601E61D1DAB55D00AA69
                                            APIs
                                              • Part of subcall function 004716C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0047170D
                                              • Part of subcall function 004716C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0047173A
                                              • Part of subcall function 004716C3: GetLastError.KERNEL32 ref: 0047174A
                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00471286
                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 004712A8
                                            • CloseHandle.KERNEL32(?), ref: 004712B9
                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004712D1
                                            • GetProcessWindowStation.USER32 ref: 004712EA
                                            • SetProcessWindowStation.USER32(00000000), ref: 004712F4
                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00471310
                                              • Part of subcall function 004710BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004711FC), ref: 004710D4
                                              • Part of subcall function 004710BF: CloseHandle.KERNEL32(?,?,004711FC), ref: 004710E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                            • String ID: $default$winsta0$ZM
                                            • API String ID: 22674027-4222036657
                                            • Opcode ID: 71d2bbac04593452b474afd2be378670fe14e6c8fbde249b72caaf834ea05ee3
                                            • Instruction ID: 5ebe5b4610c0680d9d62e6ad8f3315e4581e40c96d5973091170d4397814dd83
                                            • Opcode Fuzzy Hash: 71d2bbac04593452b474afd2be378670fe14e6c8fbde249b72caaf834ea05ee3
                                            • Instruction Fuzzy Hash: A481A171900209AFDF219FA8DC49FEF7FB9EF05704F14812AF914A62A0D7388944CB69
                                            APIs
                                              • Part of subcall function 004710F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00471114
                                              • Part of subcall function 004710F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 00471120
                                              • Part of subcall function 004710F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 0047112F
                                              • Part of subcall function 004710F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 00471136
                                              • Part of subcall function 004710F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0047114D
                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00470BCC
                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00470C00
                                            • GetLengthSid.ADVAPI32(?), ref: 00470C17
                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00470C51
                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00470C6D
                                            • GetLengthSid.ADVAPI32(?), ref: 00470C84
                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00470C8C
                                            • HeapAlloc.KERNEL32(00000000), ref: 00470C93
                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00470CB4
                                            • CopySid.ADVAPI32(00000000), ref: 00470CBB
                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00470CEA
                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00470D0C
                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00470D1E
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00470D45
                                            • HeapFree.KERNEL32(00000000), ref: 00470D4C
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00470D55
                                            • HeapFree.KERNEL32(00000000), ref: 00470D5C
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00470D65
                                            • HeapFree.KERNEL32(00000000), ref: 00470D6C
                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00470D78
                                            • HeapFree.KERNEL32(00000000), ref: 00470D7F
                                              • Part of subcall function 00471193: GetProcessHeap.KERNEL32(00000008,00470BB1,?,00000000,?,00470BB1,?), ref: 004711A1
                                              • Part of subcall function 00471193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00470BB1,?), ref: 004711A8
                                              • Part of subcall function 00471193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00470BB1,?), ref: 004711B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                            • String ID:
                                            • API String ID: 4175595110-0
                                            • Opcode ID: 1b8153b32cc06ffeacdc767c23e31243b0441e50c6438e83969ba2ff51be4d39
                                            • Instruction ID: f75398bc8c1c949a0eff6f3967684da32f54ae3d3bbeb5faa71af6c81c44da00
                                            • Opcode Fuzzy Hash: 1b8153b32cc06ffeacdc767c23e31243b0441e50c6438e83969ba2ff51be4d39
                                            • Instruction Fuzzy Hash: 5A714C7190120AEFDF209FE4DC84BEFBBB8AF05304F148526E919A6291D779A905CF64
                                            APIs
                                            • OpenClipboard.USER32(004ACC08), ref: 0048EB29
                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0048EB37
                                            • GetClipboardData.USER32(0000000D), ref: 0048EB43
                                            • CloseClipboard.USER32 ref: 0048EB4F
                                            • GlobalLock.KERNEL32(00000000), ref: 0048EB87
                                            • CloseClipboard.USER32 ref: 0048EB91
                                            • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0048EBBC
                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0048EBC9
                                            • GetClipboardData.USER32(00000001), ref: 0048EBD1
                                            • GlobalLock.KERNEL32(00000000), ref: 0048EBE2
                                            • GlobalUnlock.KERNEL32(00000000,?), ref: 0048EC22
                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 0048EC38
                                            • GetClipboardData.USER32(0000000F), ref: 0048EC44
                                            • GlobalLock.KERNEL32(00000000), ref: 0048EC55
                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0048EC77
                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0048EC94
                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0048ECD2
                                            • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0048ECF3
                                            • CountClipboardFormats.USER32 ref: 0048ED14
                                            • CloseClipboard.USER32 ref: 0048ED59
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                            • String ID:
                                            • API String ID: 420908878-0
                                            • Opcode ID: 6b4e96f6a69040cf0d6115442954a480089e9f58b116ef10b6fea427e8af3e67
                                            • Instruction ID: 9306f0b11657eb8d9a23f21ffc00f9e261983ffbde9b1bd8d88eeb74486a11bb
                                            • Opcode Fuzzy Hash: 6b4e96f6a69040cf0d6115442954a480089e9f58b116ef10b6fea427e8af3e67
                                            • Instruction Fuzzy Hash: FC61F5352043029FD300EF26C884F6E7BE4AF85714F04496EF456872A2DB39ED45CB6A
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 004869BE
                                            • FindClose.KERNEL32(00000000), ref: 00486A12
                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00486A4E
                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00486A75
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00486AB2
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00486ADF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                            • API String ID: 3830820486-3289030164
                                            • Opcode ID: d50b361ecc7459d6a310d35c16ad13c7e183dbb0e16df1676b4f462f063730cb
                                            • Instruction ID: 952399157b43fb10bf334b2d9b7ad416bf02b22bcdc3439a9c8d05a9a9766f16
                                            • Opcode Fuzzy Hash: d50b361ecc7459d6a310d35c16ad13c7e183dbb0e16df1676b4f462f063730cb
                                            • Instruction Fuzzy Hash: BFD15371508300AFC714EBA5D891EAFB7ECAF88708F44491EF589C7291EB38DA44C766
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00489663
                                            • GetFileAttributesW.KERNEL32(?), ref: 004896A1
                                            • SetFileAttributesW.KERNEL32(?,?), ref: 004896BB
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 004896D3
                                            • FindClose.KERNEL32(00000000), ref: 004896DE
                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 004896FA
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0048974A
                                            • SetCurrentDirectoryW.KERNEL32(004D6B7C), ref: 00489768
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00489772
                                            • FindClose.KERNEL32(00000000), ref: 0048977F
                                            • FindClose.KERNEL32(00000000), ref: 0048978F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                            • String ID: *.*
                                            • API String ID: 1409584000-438819550
                                            • Opcode ID: b37c28f8aa6febed70524a5c74c0ac3342af179ceccea51debf3ec7e05f1a97a
                                            • Instruction ID: 76abdfb5c3706c9f0603e01a83b8f067962f123f56fa04c96d695ab40ba92a32
                                            • Opcode Fuzzy Hash: b37c28f8aa6febed70524a5c74c0ac3342af179ceccea51debf3ec7e05f1a97a
                                            • Instruction Fuzzy Hash: 9431B432500619AADB10BFB4DC48AEF77AC9F49320F1845A7E805E2290EB38DD408B5C
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 004897BE
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00489819
                                            • FindClose.KERNEL32(00000000), ref: 00489824
                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00489840
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00489890
                                            • SetCurrentDirectoryW.KERNEL32(004D6B7C), ref: 004898AE
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 004898B8
                                            • FindClose.KERNEL32(00000000), ref: 004898C5
                                            • FindClose.KERNEL32(00000000), ref: 004898D5
                                              • Part of subcall function 0047DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0047DB00
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                            • String ID: *.*
                                            • API String ID: 2640511053-438819550
                                            • Opcode ID: 582084bc44084f2350d59844ef028be15d9055e5863383b6f64733860eee3faf
                                            • Instruction ID: 2526aa5c16bd58def1cde4d971fda47a61c40baeea5adc0bf30615f079905b43
                                            • Opcode Fuzzy Hash: 582084bc44084f2350d59844ef028be15d9055e5863383b6f64733860eee3faf
                                            • Instruction Fuzzy Hash: 5A31A532500A1A6EDF10BFB5DC48AEF77AC9F06324F1845A7E814A2290DB38DD458B6C
                                            APIs
                                              • Part of subcall function 0049C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0049B6AE,?,?), ref: 0049C9B5
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049C9F1
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA68
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0049BF3E
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0049BFA9
                                            • RegCloseKey.ADVAPI32(00000000), ref: 0049BFCD
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0049C02C
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0049C0E7
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0049C154
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0049C1E9
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0049C23A
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0049C2E3
                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0049C382
                                            • RegCloseKey.ADVAPI32(00000000), ref: 0049C38F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                            • String ID:
                                            APIs
                                            • GetLocalTime.KERNEL32(?), ref: 00488257
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00488267
                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00488273
                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00488310
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00488324
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00488356
                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0048838C
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00488395
                                            Strings
                                            Similarity
                                            • API ID: CurrentDirectoryTime$File$Local$System
                                            • String ID: *.*
                                            APIs
                                              • Part of subcall function 00413AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00413A97,?,?,00412E7F,?,?,?,00000000), ref: 00413AC2
                                              • Part of subcall function 0047E199: GetFileAttributesW.KERNEL32(?,0047CF95), ref: 0047E19A
                                            • FindFirstFileW.KERNEL32(?,?), ref: 0047D122
                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0047D1DD
                                            • MoveFileW.KERNEL32(?,?), ref: 0047D1F0
                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0047D20D
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0047D237
                                              • Part of subcall function 0047D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0047D21C,?,?), ref: 0047D2B2
                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0047D253
                                            • FindClose.KERNEL32(00000000), ref: 0047D264
                                            Strings
                                            Similarity
                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                            • String ID: \*.*
                                            APIs
                                            Similarity
                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                            • String ID:
                                            APIs
                                              • Part of subcall function 004716C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0047170D
                                              • Part of subcall function 004716C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0047173A
                                              • Part of subcall function 004716C3: GetLastError.KERNEL32 ref: 0047174A
                                            • ExitWindowsEx.USER32(?,00000000), ref: 0047E932
                                            Strings
                                            Similarity
                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                            • String ID: $ $@$SeShutdownPrivilege
                                            APIs
                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00491276
                                            • WSAGetLastError.WSOCK32 ref: 00491283
                                            • bind.WSOCK32(00000000,?,00000010), ref: 004912BA
                                            • WSAGetLastError.WSOCK32 ref: 004912C5
                                            • closesocket.WSOCK32(00000000), ref: 004912F4
                                            • listen.WSOCK32(00000000,00000005), ref: 00491303
                                            • WSAGetLastError.WSOCK32 ref: 0049130D
                                            • closesocket.WSOCK32(00000000), ref: 0049133C
                                            Similarity
                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                            • String ID:
                                            APIs
                                            • _free.LIBCMT ref: 0044B9D4
                                            • _free.LIBCMT ref: 0044B9F8
                                            • _free.LIBCMT ref: 0044BB7F
                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,004B3700), ref: 0044BB91
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,004E121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0044BC09
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,004E1270,000000FF,?,0000003F,00000000,?), ref: 0044BC36
                                            • _free.LIBCMT ref: 0044BD4B
                                            Similarity
                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                            • String ID:
                                            APIs
                                              • Part of subcall function 00413AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00413A97,?,?,00412E7F,?,?,?,00000000), ref: 00413AC2
                                              • Part of subcall function 0047E199: GetFileAttributesW.KERNEL32(?,0047CF95), ref: 0047E19A
                                            • FindFirstFileW.KERNEL32(?,?), ref: 0047D420
                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0047D470
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0047D481
                                            • FindClose.KERNEL32(00000000), ref: 0047D498
                                            • FindClose.KERNEL32(00000000), ref: 0047D4A1
                                            Strings
                                            Similarity
                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                            • String ID: \*.*
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            APIs
                                            • _wcslen.LIBCMT ref: 004864DC
                                            • CoInitialize.OLE32(00000000), ref: 00486639
                                            • CoCreateInstance.OLE32(004AFCF8,00000000,00000001,004AFB68,?), ref: 00486650
                                            • CoUninitialize.OLE32 ref: 004868D4
                                            Strings
                                            Similarity
                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                            • String ID: .lnk
                                            APIs
                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 004922E8
                                              • Part of subcall function 0048E4EC: GetWindowRect.USER32(?,?), ref: 0048E504
                                            • GetDesktopWindow.USER32 ref: 00492312
                                            • GetWindowRect.USER32(00000000), ref: 00492319
                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00492355
                                            • GetCursorPos.USER32(?), ref: 00492381
                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 004923DF
                                            Similarity
                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                            • String ID:
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00489B78
                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00489C8B
                                              • Part of subcall function 00483874: GetInputState.USER32 ref: 004838CB
                                              • Part of subcall function 00483874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00483966
                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00489BA8
                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00489C75
                                            Strings
                                            Similarity
                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                            • String ID: *.*
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00429A4E
                                            • GetSysColor.USER32(0000000F), ref: 00429B23
                                            • SetBkColor.GDI32(?,00000000), ref: 00429B36
                                            Similarity
                                            • API ID: Color$LongProcWindow
                                            • String ID:
                                            • API String ID: 3131106179-0
                                            APIs
                                              • Part of subcall function 0049304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0049307A
                                              • Part of subcall function 0049304E: _wcslen.LIBCMT ref: 0049309B
                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0049185D
                                            • WSAGetLastError.WSOCK32 ref: 00491884
                                            • bind.WSOCK32(00000000,?,00000010), ref: 004918DB
                                            • WSAGetLastError.WSOCK32 ref: 004918E6
                                            • closesocket.WSOCK32(00000000), ref: 00491915
                                            Similarity
                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                            • String ID:
                                            • API String ID: 1601658205-0
                                            APIs
                                            Similarity
                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                            • String ID:
                                            • API String ID: 292994002-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                            • API String ID: 0-1546025612
                                            APIs
                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 004782AA
                                            Strings
                                            Similarity
                                            • API ID: lstrlen
                                            • String ID: ($tbM$|
                                            • API String ID: 1659193697-2959561728
                                            APIs
                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0047AAAC
                                            • SetKeyboardState.USER32(00000080), ref: 0047AAC8
                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0047AB36
                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0047AB88
                                            Similarity
                                            • API ID: KeyboardState$InputMessagePostSend
                                            • String ID:
                                            • API String ID: 432972143-0
                                            APIs
                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0048CE89
                                            • GetLastError.KERNEL32(?,00000000), ref: 0048CEEA
                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0048CEFE
                                            Similarity
                                            • API ID: ErrorEventFileInternetLastRead
                                            • String ID:
                                            • API String ID: 234945975-0
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00485CC1
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00485D17
                                            • FindClose.KERNEL32(?), ref: 00485D5F
                                            Similarity
                                            • API ID: Find$File$CloseFirstNext
                                            • String ID:
                                            • API String ID: 3541575487-0
                                            APIs
                                            • IsDebuggerPresent.KERNEL32 ref: 0044271A
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00442724
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00442731
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 004851DA
                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00485238
                                            • SetErrorMode.KERNEL32(00000000), ref: 004852A1
                                            Similarity
                                            • API ID: ErrorMode$DiskFreeSpace
                                            • String ID:
                                            • API String ID: 1682464887-0
                                            APIs
                                              • Part of subcall function 0042FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00430668
                                              • Part of subcall function 0042FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00430685
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0047170D
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0047173A
                                            • GetLastError.KERNEL32 ref: 0047174A
                                            Similarity
                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                            • String ID:
                                            • API String ID: 577356006-0
                                            APIs
                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0047D608
                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0047D645
                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0047D650
                                            Similarity
                                            • API ID: CloseControlCreateDeviceFileHandle
                                            • String ID:
                                            • API String ID: 33631002-0
                                            APIs
                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0047168C
                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 004716A1
                                            • FreeSid.ADVAPI32(?), ref: 004716B1
                                            Similarity
                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                            • String ID:
                                            • API String ID: 3429775523-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: /
                                            • API String ID: 0-2043925204
                                            APIs
                                            • GetUserNameW.ADVAPI32(?,?), ref: 0046D28C
                                            Strings
                                            Similarity
                                            • API ID: NameUser
                                            • String ID: X64
                                            • API String ID: 2645101109-893830106
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: Variable is not of type 'Object'.$p#N
                                            • API String ID: 0-3233274810
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00486918
                                            • FindClose.KERNEL32(00000000), ref: 00486961
                                            Similarity
                                            • API ID: Find$CloseFileFirst
                                            • String ID:
                                            • API String ID: 2295610775-0
                                            APIs
                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00494891,?,?,00000035,?), ref: 004837E4
                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00494891,?,?,00000035,?), ref: 004837F4
                                            Similarity
                                            • API ID: ErrorFormatLastMessage
                                            • String ID:
                                            • API String ID: 3479602957-0
                                            APIs
                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0047B25D
                                            • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0047B270
                                            Similarity
                                            • API ID: InputSendkeybd_event
                                            • String ID:
                                            • API String ID: 3536248340-0
                                            APIs
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004711FC), ref: 004710D4
                                            • CloseHandle.KERNEL32(?,?,004711FC), ref: 004710E9
                                            Similarity
                                            • API ID: AdjustCloseHandlePrivilegesToken
                                            • String ID:
                                            • API String ID: 81990902-0
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00446766,?,?,00000008,?,?,0044FEFE,00000000), ref: 00446998
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            APIs
                                            • BlockInput.USER32(00000001), ref: 0048EABD
                                            Similarity
                                            • API ID: BlockInput
                                            • String ID:
                                            • API String ID: 3456056419-0
                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,004303EE), ref: 004309DA
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: 0&N
                                            • API String ID: 0-2307969841
                                            • Instruction Fuzzy Hash: 0102F6B0E00109EBCB05DF65D981AAEB7B1FF44304F50816AE816DB391E739EE55CB89
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 985c991bc033f74a7c532f2352aa882db713a6ed12624c534da32706451a2290
                                            • Instruction ID: 079241d686458ae519cec04d320dcdebed1900bfd42149ffe0d8f6bdec5cbed8
                                            • Opcode Fuzzy Hash: 985c991bc033f74a7c532f2352aa882db713a6ed12624c534da32706451a2290
                                            • Instruction Fuzzy Hash: 33B10720D2AF504ED7239A398871337B69C6FB76D6F51E72BFC1674D22EB2185834144
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                            • Instruction ID: 88aa4d5110643c649ddbc04e2564b90e9b6b4898e293fa57585c52177d949e86
                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                            • Instruction Fuzzy Hash: EF9198721080A34ADB29423E853503FFFE15E563B1B1A279FD4F2CA2E1FE18D954D624
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                            • Instruction ID: f36da6c9ae39eabfd6f1422d29a11aeeabe2fa74acda59b9c4c23dd5d96b0052
                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                            • Instruction Fuzzy Hash: 409187722080A309DB6D4239867403FFFF15A963B1B1A179FD4F2CB2D5EE68C558E624
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                            • Instruction ID: 22f1bcf4688c62c16413c403157820c39866a4f555445a4a06d86e54ad177b84
                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                            • Instruction Fuzzy Hash: F291C6722090E30ADB2D427A847403FFFE14A963B2B1A279FD4F2CA2E1FD18D555D624
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 665f1f512deed0926ffc35e1f86ea16cee1f24a7845e9de2f44113ac22bf4de6
                                            • Instruction ID: 0ab1eda3c4a2fc816106b00c2e7bdc9c09070e2be8bb8df06286ae26a1288aaa
                                            • Opcode Fuzzy Hash: 665f1f512deed0926ffc35e1f86ea16cee1f24a7845e9de2f44113ac22bf4de6
                                            • Instruction Fuzzy Hash: AC613AE120874956DA34AA2848957BFB3A4DF4D718F14391FF8C2DB382D61DAE42C35E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e6a13024682c61d09378aabdfe7cc2aa841bb2a405dfad74ccdf5efd8af8506
                                            • Instruction ID: b2a439f55ce16124dc78880318638c415f119d223588e3b7d968c0c4349d371b
                                            • Opcode Fuzzy Hash: 9e6a13024682c61d09378aabdfe7cc2aa841bb2a405dfad74ccdf5efd8af8506
                                            • Instruction Fuzzy Hash: E1616BF120870966DE385A289892BBF63949F4D744F20395FF9C3DB381D61E9D42825E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                            • Instruction ID: 769b7f0385c46742cd252e659e0394e639662515a03f0afdc5151e829fa24050
                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                            • Instruction Fuzzy Hash: 0F8196725080A309DB2D423A857443FFFE15E963A1B1E179FD4F2CA2E1EE18C554D628
                                            APIs
                                            • DeleteObject.GDI32(00000000), ref: 00492B30
                                            • DeleteObject.GDI32(00000000), ref: 00492B43
                                            • DestroyWindow.USER32 ref: 00492B52
                                            • GetDesktopWindow.USER32 ref: 00492B6D
                                            • GetWindowRect.USER32(00000000), ref: 00492B74
                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00492CA3
                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00492CB1
                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492CF8
                                            • GetClientRect.USER32(00000000,?), ref: 00492D04
                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00492D40
                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492D62
                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492D75
                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492D80
                                            • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492D89
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492D98
                                            • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492DA1
                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492DA8
                                            • GlobalFree.KERNEL32(00000000), ref: 00492DB3
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492DC5
                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,004AFC38,00000000), ref: 00492DDB
                                            • GlobalFree.KERNEL32(00000000), ref: 00492DEB
                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00492E11
                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00492E30
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00492E52
                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0049303F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                            • String ID: $AutoIt v3$DISPLAY$static
                                            • API String ID: 2211948467-2373415609
                                            • Opcode ID: 48e8eb2a03e54829c18017eeefd8fa3ca7c4d6be2a3aa6711a90ad40ac848b43
                                            • Instruction ID: ffe006199e9f278330d7a5bd163bf6eceddee57d23d595ee7ffd9f292397d65f
                                            • Opcode Fuzzy Hash: 48e8eb2a03e54829c18017eeefd8fa3ca7c4d6be2a3aa6711a90ad40ac848b43
                                            • Instruction Fuzzy Hash: 8B027D71A00205AFDB14DF64CD89EAE7FB9EF49314F008169F915AB2A1DB74AD01CF68
                                            APIs
                                            • SetTextColor.GDI32(?,00000000), ref: 004A712F
                                            • GetSysColorBrush.USER32(0000000F), ref: 004A7160
                                            • GetSysColor.USER32(0000000F), ref: 004A716C
                                            • SetBkColor.GDI32(?,000000FF), ref: 004A7186
                                            • SelectObject.GDI32(?,?), ref: 004A7195
                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 004A71C0
                                            • GetSysColor.USER32(00000010), ref: 004A71C8
                                            • CreateSolidBrush.GDI32(00000000), ref: 004A71CF
                                            • FrameRect.USER32(?,?,00000000), ref: 004A71DE
                                            • DeleteObject.GDI32(00000000), ref: 004A71E5
                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 004A7230
                                            • FillRect.USER32(?,?,?), ref: 004A7262
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A7284
                                              • Part of subcall function 004A73E8: GetSysColor.USER32(00000012), ref: 004A7421
                                              • Part of subcall function 004A73E8: SetTextColor.GDI32(?,?), ref: 004A7425
                                              • Part of subcall function 004A73E8: GetSysColorBrush.USER32(0000000F), ref: 004A743B
                                              • Part of subcall function 004A73E8: GetSysColor.USER32(0000000F), ref: 004A7446
                                              • Part of subcall function 004A73E8: GetSysColor.USER32(00000011), ref: 004A7463
                                              • Part of subcall function 004A73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 004A7471
                                              • Part of subcall function 004A73E8: SelectObject.GDI32(?,00000000), ref: 004A7482
                                              • Part of subcall function 004A73E8: SetBkColor.GDI32(?,00000000), ref: 004A748B
                                              • Part of subcall function 004A73E8: SelectObject.GDI32(?,?), ref: 004A7498
                                              • Part of subcall function 004A73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 004A74B7
                                              • Part of subcall function 004A73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004A74CE
                                              • Part of subcall function 004A73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 004A74DB
                                            Similarity
                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                            • String ID:
                                            • API String ID: 4124339563-0
                                            • Opcode ID: 387da33191b763c80f60395e1e0bf90603a70079851a8bccc49a5ecc04a16dbf
                                            • Instruction ID: f9750ebc21ed2f779264fe058ba64ec8d91ebe6f7ce6eb81098d1e806a156fdc
                                            • Opcode Fuzzy Hash: 387da33191b763c80f60395e1e0bf90603a70079851a8bccc49a5ecc04a16dbf
                                            • Instruction Fuzzy Hash: 21A1B072508311BFDB509F60DC88A6B7BE9FF4A320F100A29F962961E1D734E945CF56
                                            APIs
                                            • DestroyWindow.USER32(?,?), ref: 00428E14
                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00466AC5
                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00466AFE
                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00466F43
                                              • Part of subcall function 00428F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00428BE8,?,00000000,?,?,?,?,00428BBA,00000000,?), ref: 00428FC5
                                            • SendMessageW.USER32(?,00001053), ref: 00466F7F
                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00466F96
                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00466FAC
                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00466FB7
                                            Strings
                                            Similarity
                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                            • String ID: 0
                                            • API String ID: 2760611726-4108050209
                                            • Opcode ID: 0ae642a49dc10cab2eb136b1e90c390d6a728b744337930b170b8338b7df97e8
                                            • Instruction ID: e85ca2b2c90c6feb97eea3cbf86d1acb8bcee936fe23978b98dc5e39ab1ebc98
                                            • Opcode Fuzzy Hash: 0ae642a49dc10cab2eb136b1e90c390d6a728b744337930b170b8338b7df97e8
                                            • Instruction Fuzzy Hash: 2312AD30201261EFD725CF14D884BAABBE5FB45300F56446EF485CB262DB39AC52CF9A
                                            APIs
                                            • DestroyWindow.USER32(00000000), ref: 0049273E
                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0049286A
                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 004928A9
                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 004928B9
                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00492900
                                            • GetClientRect.USER32(00000000,?), ref: 0049290C
                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00492955
                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00492964
                                            • GetStockObject.GDI32(00000011), ref: 00492974
                                            • SelectObject.GDI32(00000000,00000000), ref: 00492978
                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00492988
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00492991
                                            • DeleteDC.GDI32(00000000), ref: 0049299A
                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004929C6
                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 004929DD
                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00492A1D
                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00492A31
                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00492A42
                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00492A77
                                            • GetStockObject.GDI32(00000011), ref: 00492A82
                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00492A8D
                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00492A97
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                            • API String ID: 2910397461-517079104
                                            • Opcode ID: f02e6e03209e82f10c4dcfa8a99c1eccd857aca8c649c6cbd17841e4bc6b8f98
                                            • Instruction ID: ac55f365a4a78227d321ccebc7043afebb5a7eabf6cfe2735ba8c94126c14207
                                            • Opcode Fuzzy Hash: f02e6e03209e82f10c4dcfa8a99c1eccd857aca8c649c6cbd17841e4bc6b8f98
                                            • Instruction Fuzzy Hash: BFB16D71A40215BFEB14DFA8CD85FAF7BA9EB05714F004129F914EB2A1D774AD40CBA8
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 00484AED
                                            • GetDriveTypeW.KERNEL32(?,004ACB68,?,\\.\,004ACC08), ref: 00484BCA
                                            • SetErrorMode.KERNEL32(00000000,004ACB68,?,\\.\,004ACC08), ref: 00484D36
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorMode$DriveType
                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                            • API String ID: 2907320926-4222207086
                                            • Opcode ID: 7ebe6ad75f755881f33468f4446c242a2916dd2afe087671c2a08d4cf28eaebd
                                            • Instruction ID: 427a2dd218af584eb15e7a214791de95c45331cfc946f5d6ba2a1a272927d42f
                                            • Opcode Fuzzy Hash: 7ebe6ad75f755881f33468f4446c242a2916dd2afe087671c2a08d4cf28eaebd
                                            • Instruction Fuzzy Hash: 8161C2307011079BCB04FF24C991AADB7A5AB84744B22881BF806AB751DB7DED42DB5E
                                            APIs
                                            • GetSysColor.USER32(00000012), ref: 004A7421
                                            • SetTextColor.GDI32(?,?), ref: 004A7425
                                            • GetSysColorBrush.USER32(0000000F), ref: 004A743B
                                            • GetSysColor.USER32(0000000F), ref: 004A7446
                                            • CreateSolidBrush.GDI32(?), ref: 004A744B
                                            • GetSysColor.USER32(00000011), ref: 004A7463
                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 004A7471
                                            • SelectObject.GDI32(?,00000000), ref: 004A7482
                                            • SetBkColor.GDI32(?,00000000), ref: 004A748B
                                            • SelectObject.GDI32(?,?), ref: 004A7498
                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 004A74B7
                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004A74CE
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 004A74DB
                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 004A752A
                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 004A7554
                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 004A7572
                                            • DrawFocusRect.USER32(?,?), ref: 004A757D
                                            • GetSysColor.USER32(00000011), ref: 004A758E
                                            • SetTextColor.GDI32(?,00000000), ref: 004A7596
                                            • DrawTextW.USER32(?,004A70F5,000000FF,?,00000000), ref: 004A75A8
                                            • SelectObject.GDI32(?,?), ref: 004A75BF
                                            • DeleteObject.GDI32(?), ref: 004A75CA
                                            • SelectObject.GDI32(?,?), ref: 004A75D0
                                            • DeleteObject.GDI32(?), ref: 004A75D5
                                            • SetTextColor.GDI32(?,?), ref: 004A75DB
                                            • SetBkColor.GDI32(?,?), ref: 004A75E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                            • String ID:
                                            • API String ID: 1996641542-0
                                            • Opcode ID: 257a6af781de2c50c59ef0ad882d7957856ae2bddbe2f56119799be8a6bac961
                                            • Instruction ID: 08a8fdc4e1a997d8656ee657d41150064e53ff0c03ac1a4196fc342feacf585f
                                            • Opcode Fuzzy Hash: 257a6af781de2c50c59ef0ad882d7957856ae2bddbe2f56119799be8a6bac961
                                            • Instruction Fuzzy Hash: 41615F72D04218BFDF119FA4DC89AAE7FB9EB0A320F114125F915AB2A1D7749940CF94
                                            APIs
                                            • GetCursorPos.USER32(?), ref: 004A1128
                                            • GetDesktopWindow.USER32 ref: 004A113D
                                            • GetWindowRect.USER32(00000000), ref: 004A1144
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A1199
                                            • DestroyWindow.USER32(?), ref: 004A11B9
                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 004A11ED
                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 004A120B
                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 004A121D
                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 004A1232
                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 004A1245
                                            • IsWindowVisible.USER32(00000000), ref: 004A12A1
                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 004A12BC
                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 004A12D0
                                            • GetWindowRect.USER32(00000000,?), ref: 004A12E8
                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 004A130E
                                            • GetMonitorInfoW.USER32(00000000,?), ref: 004A1328
                                            • CopyRect.USER32(?,?), ref: 004A133F
                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 004A13AA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                            • String ID: ($0$tooltips_class32
                                            • API String ID: 698492251-4156429822
                                            • Opcode ID: 22dc715e092b7db86997d443cd8f30914446447dd2da8694ece98b2402bc7719
                                            • Instruction ID: 0ffc2c64c37b8490d36b32f9974f36d28d8c94be82043d8f3acc072a01946b38
                                            • Opcode Fuzzy Hash: 22dc715e092b7db86997d443cd8f30914446447dd2da8694ece98b2402bc7719
                                            • Instruction Fuzzy Hash: 94B1AE71608340AFD700DF65C884BABBBE4FF99354F00891EF9999B261C735E845CB99
                                            APIs
                                            • CharUpperBuffW.USER32(?,?), ref: 004A02E5
                                            • _wcslen.LIBCMT ref: 004A031F
                                            • _wcslen.LIBCMT ref: 004A0389
                                            • _wcslen.LIBCMT ref: 004A03F1
                                            • _wcslen.LIBCMT ref: 004A0475
                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 004A04C5
                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 004A0504
                                              • Part of subcall function 0042F9F2: _wcslen.LIBCMT ref: 0042F9FD
                                              • Part of subcall function 0047223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00472258
                                              • Part of subcall function 0047223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0047228A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                            • API String ID: 1103490817-719923060
                                            • Opcode ID: 8bae7d9e2864a4c7ddbb3d1f7814e8f1ae5bb241f1fc9bbb8b66333534eb2381
                                            • Instruction ID: 18ae399115aa6f0accb2650a70511161145c9c3628812edb00ffb1e0d68a9a9c
                                            • Opcode Fuzzy Hash: 8bae7d9e2864a4c7ddbb3d1f7814e8f1ae5bb241f1fc9bbb8b66333534eb2381
                                            • Instruction Fuzzy Hash: 9FE1D3312082009FC714DF25C55096BB3E2BFA9718F54496FF8969B391D738ED45CB8A
                                            APIs
                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00428968
                                            • GetSystemMetrics.USER32(00000007), ref: 00428970
                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0042899B
                                            • GetSystemMetrics.USER32(00000008), ref: 004289A3
                                            • GetSystemMetrics.USER32(00000004), ref: 004289C8
                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 004289E5
                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 004289F5
                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00428A28
                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00428A3C
                                            • GetClientRect.USER32(00000000,000000FF), ref: 00428A5A
                                            • GetStockObject.GDI32(00000011), ref: 00428A76
                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00428A81
                                              • Part of subcall function 0042912D: GetCursorPos.USER32(?), ref: 00429141
                                              • Part of subcall function 0042912D: ScreenToClient.USER32(00000000,?), ref: 0042915E
                                              • Part of subcall function 0042912D: GetAsyncKeyState.USER32(00000001), ref: 00429183
                                              • Part of subcall function 0042912D: GetAsyncKeyState.USER32(00000002), ref: 0042919D
                                            • SetTimer.USER32(00000000,00000000,00000028,004290FC), ref: 00428AA8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                            • String ID: AutoIt v3 GUI
                                            • API String ID: 1458621304-248962490
                                            • Opcode ID: 5f8ba771d19987adb07de9170ad83bdb939ca2147108a9e47d0a27ffd58f4270
                                            • Instruction ID: f0d2f4109e6c040b0ed59e70fe219348a0646202f3286822d3bfbae8bd7143cb
                                            • Opcode Fuzzy Hash: 5f8ba771d19987adb07de9170ad83bdb939ca2147108a9e47d0a27ffd58f4270
                                            • Instruction Fuzzy Hash: 6DB1A171A002199FDB14DF68DC85BAE3BB5FB48315F11422AFA05EB290DB38E841CF59
                                            APIs
                                              • Part of subcall function 004710F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00471114
                                              • Part of subcall function 004710F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 00471120
                                              • Part of subcall function 004710F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 0047112F
                                              • Part of subcall function 004710F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 00471136
                                              • Part of subcall function 004710F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0047114D
                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00470DF5
                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00470E29
                                            • GetLengthSid.ADVAPI32(?), ref: 00470E40
                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00470E7A
                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00470E96
                                            • GetLengthSid.ADVAPI32(?), ref: 00470EAD
                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00470EB5
                                            • HeapAlloc.KERNEL32(00000000), ref: 00470EBC
                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00470EDD
                                            • CopySid.ADVAPI32(00000000), ref: 00470EE4
                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00470F13
                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00470F35
                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00470F47
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00470F6E
                                            • HeapFree.KERNEL32(00000000), ref: 00470F75
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00470F7E
                                            • HeapFree.KERNEL32(00000000), ref: 00470F85
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00470F8E
                                            • HeapFree.KERNEL32(00000000), ref: 00470F95
                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00470FA1
                                            • HeapFree.KERNEL32(00000000), ref: 00470FA8
                                              • Part of subcall function 00471193: GetProcessHeap.KERNEL32(00000008,00470BB1,?,00000000,?,00470BB1,?), ref: 004711A1
                                              • Part of subcall function 00471193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00470BB1,?), ref: 004711A8
                                              • Part of subcall function 00471193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00470BB1,?), ref: 004711B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                            • String ID:
                                            • API String ID: 4175595110-0
                                            • Opcode ID: ad664e0038d737355d8e93589271598f1583315f857685ac41813197bac5a640
                                            • Instruction ID: 7099d9c0095d656a1b53d86a66b4f77c82821f2cff5746ffa2e987abacfeea12
                                            • Opcode Fuzzy Hash: ad664e0038d737355d8e93589271598f1583315f857685ac41813197bac5a640
                                            • Instruction Fuzzy Hash: 60714CB290520AEBDB20DFA5DC44BEFBBB8BF05300F148126F919B6291D7759905CF68
                                            APIs
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0049C4BD
                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,004ACC08,00000000,?,00000000,?,?), ref: 0049C544
                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0049C5A4
                                            • _wcslen.LIBCMT ref: 0049C5F4
                                            • _wcslen.LIBCMT ref: 0049C66F
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0049C6B2
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0049C7C1
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0049C84D
                                            • RegCloseKey.ADVAPI32(?), ref: 0049C881
                                            • RegCloseKey.ADVAPI32(00000000), ref: 0049C88E
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0049C960
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                            • API String ID: 9721498-966354055
                                            • Opcode ID: 2ced33538ed2535916cdee53a60421807eefa47b74879befdf96ccf7f0aff622
                                            • Instruction ID: 4da2fe471f31ca3bfbd45d4141142f24a7ff825f6c59403002ef929b4aecf9e9
                                            • Opcode Fuzzy Hash: 2ced33538ed2535916cdee53a60421807eefa47b74879befdf96ccf7f0aff622
                                            • Instruction Fuzzy Hash: ED1280312042019FDB14DF15C491A6ABBE5FF88358F05886EF8499B3A2DB39FC41CB89
                                            APIs
                                            • CharUpperBuffW.USER32(?,?), ref: 004A09C6
                                            • _wcslen.LIBCMT ref: 004A0A01
                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 004A0A54
                                            • _wcslen.LIBCMT ref: 004A0A8A
                                            • _wcslen.LIBCMT ref: 004A0B06
                                            • _wcslen.LIBCMT ref: 004A0B81
                                              • Part of subcall function 0042F9F2: _wcslen.LIBCMT ref: 0042F9FD
                                              • Part of subcall function 00472BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00472BFA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                            • API String ID: 1103490817-4258414348
                                            • Opcode ID: 0720a5bfdb4e81eb8932f2283124a063d73bb46e898ebb9025f98d16490c2fe7
                                            • Instruction ID: 71bb98aa1d0cb647c24a067f9355aa1627f251d85bc7f1c45857d5aefb18cbd5
                                            • Opcode Fuzzy Hash: 0720a5bfdb4e81eb8932f2283124a063d73bb46e898ebb9025f98d16490c2fe7
                                            • Instruction Fuzzy Hash: 13E1D1712083019FC714DF25C45096AB7E2BFA9318F50895FF8999B3A2D738ED45CB8A
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$BuffCharUpper
                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                            • API String ID: 1256254125-909552448
                                            • Opcode ID: bac4f9cd323f08682ec5b06894ef53aa53b38e830bd08fb05a1defae5ff1d7ed
                                            • Instruction ID: d5d863f6c86e870ab54e73c1e16bf93cde290a1e23b92c2b14424a1a4fa95069
                                            • Opcode Fuzzy Hash: bac4f9cd323f08682ec5b06894ef53aa53b38e830bd08fb05a1defae5ff1d7ed
                                            • Instruction Fuzzy Hash: 3071023260012A8BCF20DE78D9D16BF3B91AFA4764B50453BE85697384E63CDD8583AC
                                            APIs
                                            • _wcslen.LIBCMT ref: 004A835A
                                            • _wcslen.LIBCMT ref: 004A836E
                                            • _wcslen.LIBCMT ref: 004A8391
                                            • _wcslen.LIBCMT ref: 004A83B4
                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 004A83F2
                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,004A5BF2), ref: 004A844E
                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 004A8487
                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 004A84CA
                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 004A8501
                                            • FreeLibrary.KERNEL32(?), ref: 004A850D
                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 004A851D
                                            • DestroyIcon.USER32(?,?,?,?,?,004A5BF2), ref: 004A852C
                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 004A8549
                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 004A8555
                                            Strings
                                            Similarity
                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                            • String ID: .dll$.exe$.icl
                                            • API String ID: 799131459-1154884017
                                            • Opcode ID: a0ba2eaa562fba035ce4f5868e329f6d95a4f8662d8f1f7125fc70b63ca8b933
                                            • Instruction ID: 87c3c71bab557bf3440b5ae3ca86f648046470f02ca5c71676a4d27e303ff600
                                            • Opcode Fuzzy Hash: a0ba2eaa562fba035ce4f5868e329f6d95a4f8662d8f1f7125fc70b63ca8b933
                                            • Instruction Fuzzy Hash: E061DF71900215BEEB14DF64CC81BFF7BA8FB19720F10451AF815DA1D1EB78A980CBA8
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                            • API String ID: 0-1645009161
                                            • Opcode ID: 906981ebe441df8ad8bd832637147d7a609d2f17126796be3c12219213d426e8
                                            • Instruction ID: 9163805a9ffd9d5412d66ca13c160e931ca9fb4f2aefb45c61f1c69912936ce9
                                            • Opcode Fuzzy Hash: 906981ebe441df8ad8bd832637147d7a609d2f17126796be3c12219213d426e8
                                            • Instruction Fuzzy Hash: B681F470A40605ABDB20AF61DC52FEF7B74AF15304F04402BF805AA292EB7CD985C79D
                                            APIs
                                            • CharLowerBuffW.USER32(?,?), ref: 00483EF8
                                            • _wcslen.LIBCMT ref: 00483F03
                                            • _wcslen.LIBCMT ref: 00483F5A
                                            • _wcslen.LIBCMT ref: 00483F98
                                            • GetDriveTypeW.KERNEL32(?), ref: 00483FD6
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0048401E
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00484059
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00484087
                                            Strings
                                            Similarity
                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                            • API String ID: 1839972693-4113822522
                                            • Opcode ID: b726c860f32b7690b1632d17fb7119f0f0fd9924b106f2dd857fb5e4f43bb1ef
                                            • Instruction ID: 71e3a7638ec9c3419b363a39a2abbf3ea2d0218442d8a22f393c237894bea0b1
                                            • Opcode Fuzzy Hash: b726c860f32b7690b1632d17fb7119f0f0fd9924b106f2dd857fb5e4f43bb1ef
                                            • Instruction Fuzzy Hash: 6471AC316042129FC310EF24C8909AFB7E4EF99B58B10492FFA9597251EB38ED45CB99
                                            APIs
                                            • LoadIconW.USER32(00000063), ref: 00475A2E
                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00475A40
                                            • SetWindowTextW.USER32(?,?), ref: 00475A57
                                            • GetDlgItem.USER32(?,000003EA), ref: 00475A6C
                                            • SetWindowTextW.USER32(00000000,?), ref: 00475A72
                                            • GetDlgItem.USER32(?,000003E9), ref: 00475A82
                                            • SetWindowTextW.USER32(00000000,?), ref: 00475A88
                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00475AA9
                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00475AC3
                                            • GetWindowRect.USER32(?,?), ref: 00475ACC
                                            • _wcslen.LIBCMT ref: 00475B33
                                            • SetWindowTextW.USER32(?,?), ref: 00475B6F
                                            • GetDesktopWindow.USER32 ref: 00475B75
                                            • GetWindowRect.USER32(00000000), ref: 00475B7C
                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00475BD3
                                            • GetClientRect.USER32(?,?), ref: 00475BE0
                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00475C05
                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00475C2F
                                            Similarity
                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                            • String ID:
                                            • API String ID: 895679908-0
                                            • Opcode ID: 15b77cc3a12dcd2901aa2ecc5caedef83fd7d4d0605f2cc54582615693e99587
                                            • Instruction ID: d68c9926c70e6a31f208645eeaef471f8df6a7d1c520532eabc3135bfbba4c8e
                                            • Opcode Fuzzy Hash: 15b77cc3a12dcd2901aa2ecc5caedef83fd7d4d0605f2cc54582615693e99587
                                            • Instruction Fuzzy Hash: CE718231900B059FDB20DFA8CE85AAFBBF5FF48704F104529E146A66A0D7B4F944CB54
                                            APIs
                                            • LoadCursorW.USER32(00000000,00007F89), ref: 0048FE27
                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 0048FE32
                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0048FE3D
                                            • LoadCursorW.USER32(00000000,00007F03), ref: 0048FE48
                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 0048FE53
                                            • LoadCursorW.USER32(00000000,00007F01), ref: 0048FE5E
                                            • LoadCursorW.USER32(00000000,00007F81), ref: 0048FE69
                                            • LoadCursorW.USER32(00000000,00007F88), ref: 0048FE74
                                            • LoadCursorW.USER32(00000000,00007F80), ref: 0048FE7F
                                            • LoadCursorW.USER32(00000000,00007F86), ref: 0048FE8A
                                            • LoadCursorW.USER32(00000000,00007F83), ref: 0048FE95
                                            • LoadCursorW.USER32(00000000,00007F85), ref: 0048FEA0
                                            • LoadCursorW.USER32(00000000,00007F82), ref: 0048FEAB
                                            • LoadCursorW.USER32(00000000,00007F84), ref: 0048FEB6
                                            • LoadCursorW.USER32(00000000,00007F04), ref: 0048FEC1
                                            • LoadCursorW.USER32(00000000,00007F02), ref: 0048FECC
                                            • GetCursorInfo.USER32(?), ref: 0048FEDC
                                            • GetLastError.KERNEL32 ref: 0048FF1E
                                            Similarity
                                            • API ID: Cursor$Load$ErrorInfoLast
                                            • String ID:
                                            • API String ID: 3215588206-0
                                            • Opcode ID: 1cae7388290d62eb1e9138eb1ab7b6de09495a8b3acbfb82c8e11b89813763ed
                                            • Instruction ID: f024c8a07490e52d5bf28ffbe9aa5142c39de002ac0c7f767aa7bf45c1c17f68
                                            • Opcode Fuzzy Hash: 1cae7388290d62eb1e9138eb1ab7b6de09495a8b3acbfb82c8e11b89813763ed
                                            • Instruction Fuzzy Hash: D34131B0D443196ADB10DFBA8C8985EBFE8FF04754B50452BE21DE7281DB78E9018F95
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[M
                                            • API String ID: 176396367-3897780819
                                            • Opcode ID: b96623a95b347f7aca3d4d8b97c3991ae9194941cbfa1ecd679a5c21578a44c8
                                            • Instruction ID: aa63f2a369256b94df989cc275171d9e3d6b15e2fc1709ac387eae9b27f71ea6
                                            • Opcode Fuzzy Hash: b96623a95b347f7aca3d4d8b97c3991ae9194941cbfa1ecd679a5c21578a44c8
                                            • Instruction Fuzzy Hash: 90E1E432A00516ABCB289F74C4517EEBBB0BF44715F54C12BE45AB7340DF38AE85A798
                                            APIs
                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 004300C6
                                              • Part of subcall function 004300ED: InitializeCriticalSectionAndSpinCount.KERNEL32(004E070C,00000FA0,56E7F243,?,?,?,?,004523B3,000000FF), ref: 0043011C
                                              • Part of subcall function 004300ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,004523B3,000000FF), ref: 00430127
                                              • Part of subcall function 004300ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,004523B3,000000FF), ref: 00430138
                                              • Part of subcall function 004300ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0043014E
                                              • Part of subcall function 004300ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0043015C
                                              • Part of subcall function 004300ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0043016A
                                              • Part of subcall function 004300ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00430195
                                              • Part of subcall function 004300ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004301A0
                                            • ___scrt_fastfail.LIBCMT ref: 004300E7
                                              • Part of subcall function 004300A3: __onexit.LIBCMT ref: 004300A9
                                            Strings
                                            • kernel32.dll, xrefs: 00430133
                                            • WakeAllConditionVariable, xrefs: 00430162
                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00430122
                                            • InitializeConditionVariable, xrefs: 00430148
                                            • SleepConditionVariableCS, xrefs: 00430154
                                            Similarity
                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                            • API String ID: 66158676-1714406822
                                            • Opcode ID: 8424aec140013ab03561fba2c7cc318467006b6a89ece3e2d06ac802320f4b1a
                                            • Instruction ID: d4bd76f16599715a784a70480cebc38e1d83c7f5d8cb9fa6486302071be1f816
                                            • Opcode Fuzzy Hash: 8424aec140013ab03561fba2c7cc318467006b6a89ece3e2d06ac802320f4b1a
                                            • Instruction Fuzzy Hash: 2E21FC32B447106BDB116BA5AC55B6A77E4DB1AB61F10033BF801A7791DBBD5C008A9C
                                            APIs
                                            • CharLowerBuffW.USER32(00000000,00000000,004ACC08), ref: 00484527
                                            • _wcslen.LIBCMT ref: 0048453B
                                            • _wcslen.LIBCMT ref: 00484599
                                            • _wcslen.LIBCMT ref: 004845F4
                                            • _wcslen.LIBCMT ref: 0048463F
                                            • _wcslen.LIBCMT ref: 004846A7
                                              • Part of subcall function 0042F9F2: _wcslen.LIBCMT ref: 0042F9FD
                                            • GetDriveTypeW.KERNEL32(?,004D6BF0,00000061), ref: 00484743
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$BuffCharDriveLowerType
                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                            • API String ID: 2055661098-1000479233
                                            • Opcode ID: a2d2277e741d4015f6cde9329ad8f7ab1f6da727179d9b750c3183022b816716
                                            • Instruction ID: 0698786d47ba9e68c8ff4849903cbcedee9b381c6aae5198ddae73ed37c08107
                                            • Opcode Fuzzy Hash: a2d2277e741d4015f6cde9329ad8f7ab1f6da727179d9b750c3183022b816716
                                            • Instruction Fuzzy Hash: BFB1DE316083029BC310EF29C890A6FB7E5AFE5724F504D1FF59697291E738E845CB5A
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • DragQueryPoint.SHELL32(?,?), ref: 004A9147
                                              • Part of subcall function 004A7674: ClientToScreen.USER32(?,?), ref: 004A769A
                                              • Part of subcall function 004A7674: GetWindowRect.USER32(?,?), ref: 004A7710
                                              • Part of subcall function 004A7674: PtInRect.USER32(?,?,004A8B89), ref: 004A7720
                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 004A91B0
                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 004A91BB
                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 004A91DE
                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 004A9225
                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 004A923E
                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 004A9255
                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 004A9277
                                            • DragFinish.SHELL32(?), ref: 004A927E
                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 004A9371
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#N
                                            • API String ID: 221274066-3777839306
                                            • Opcode ID: fb11f4cb25d4cca32d578a96fd01ea80aff25c89b9804c16dc353d1a40ead24b
                                            • Instruction ID: 1a6b1795c3cc3da4ae714f8f05d55f9eeb9ab44cdba21cae6a91b786647a3ec2
                                            • Opcode Fuzzy Hash: fb11f4cb25d4cca32d578a96fd01ea80aff25c89b9804c16dc353d1a40ead24b
                                            • Instruction Fuzzy Hash: 56618D71108300AFC701EF65DC85EAFBBE8EF99354F00092EF595931A1DB749A49CB9A
                                            APIs
                                            • _wcslen.LIBCMT ref: 0049B198
                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0049B1B0
                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0049B1D4
                                            • _wcslen.LIBCMT ref: 0049B200
                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0049B214
                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0049B236
                                            • _wcslen.LIBCMT ref: 0049B332
                                              • Part of subcall function 004805A7: GetStdHandle.KERNEL32(000000F6), ref: 004805C6
                                            • _wcslen.LIBCMT ref: 0049B34B
                                            • _wcslen.LIBCMT ref: 0049B366
                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0049B3B6
                                            • GetLastError.KERNEL32(00000000), ref: 0049B407
                                            • CloseHandle.KERNEL32(?), ref: 0049B439
                                            • CloseHandle.KERNEL32(00000000), ref: 0049B44A
                                            • CloseHandle.KERNEL32(00000000), ref: 0049B45C
                                            • CloseHandle.KERNEL32(00000000), ref: 0049B46E
                                            • CloseHandle.KERNEL32(?), ref: 0049B4E3
                                            Similarity
                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                            • String ID:
                                            • API String ID: 2178637699-0
                                            • Opcode ID: 4eb561e38770358630ded4f4e217fca3135b9e56db5df3f5017d208924d2b17c
                                            • Instruction ID: 25048c09a4b289408e7811efd2d9f096f84f233f76021500413f10eee37acff8
                                            • Opcode Fuzzy Hash: 4eb561e38770358630ded4f4e217fca3135b9e56db5df3f5017d208924d2b17c
                                            • Instruction Fuzzy Hash: B2F18F315042009FCB14EF25D985B6FBBE1EF85314F14856EF8855B2A2DB39EC44CB9A
                                            APIs
                                            • GetMenuItemCount.USER32(004E1990), ref: 00452F8D
                                            • GetMenuItemCount.USER32(004E1990), ref: 0045303D
                                            • GetCursorPos.USER32(?), ref: 00453081
                                            • SetForegroundWindow.USER32(00000000), ref: 0045308A
                                            • TrackPopupMenuEx.USER32(004E1990,00000000,?,00000000,00000000,00000000), ref: 0045309D
                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004530A9
                                            Strings
                                            Similarity
                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                            • String ID: 0
                                            • API String ID: 36266755-4108050209
                                            • Opcode ID: 75b3e2320a797799ef73bd3b768323198f184201c7a5f854f09ed47c068707d2
                                            • Instruction ID: d52a3e0dce57be7f60c5b77a1431bcbed5ec4adafd949a2b997b8c1421e7ff8d
                                            • Opcode Fuzzy Hash: 75b3e2320a797799ef73bd3b768323198f184201c7a5f854f09ed47c068707d2
                                            • Instruction Fuzzy Hash: 7D716931640205BEEB219F24DC89FDBBF64FF02365F204217F9146A2E1C7B9A954DB98
                                            APIs
                                            • DestroyWindow.USER32(00000000,?), ref: 004A6DEB
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 004A6E5F
                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 004A6E81
                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 004A6E94
                                            • DestroyWindow.USER32(?), ref: 004A6EB5
                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00410000,00000000), ref: 004A6EE4
                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 004A6EFD
                                            • GetDesktopWindow.USER32 ref: 004A6F16
                                            • GetWindowRect.USER32(00000000), ref: 004A6F1D
                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 004A6F35
                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 004A6F4D
                                              • Part of subcall function 00429944: GetWindowLongW.USER32(?,000000EB), ref: 00429952
                                            Strings
                                            Similarity
                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                            • String ID: 0$tooltips_class32
                                            • API String ID: 2429346358-3619404913
                                            • Opcode ID: e0cd5f90fcd73690cf8c5ab392a1d1636a5a422d21d77e6fbddd6ac0f1e6dbee
                                            • Instruction ID: 480449d6847d523ead7291c8894ffbcea8572c8879d447d827b19be4b4543d40
                                            • Opcode Fuzzy Hash: e0cd5f90fcd73690cf8c5ab392a1d1636a5a422d21d77e6fbddd6ac0f1e6dbee
                                            • Instruction Fuzzy Hash: 16716B74144244AFDB21CF18DC84BABBBE9FB9A304F49042EF999873A1C774E905CB19
                                            APIs
                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0048C4B0
                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0048C4C3
                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0048C4D7
                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0048C4F0
                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0048C533
                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0048C549
                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0048C554
                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0048C584
                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0048C5DC
                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0048C5F0
                                            • InternetCloseHandle.WININET(00000000), ref: 0048C5FB
                                            Strings
                                            Similarity
                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                            • String ID:
                                            • API String ID: 3800310941-3916222277
                                            • Opcode ID: 68fb875449e4cc42c6dca594d0758b07764563a79b01867c82de9594eaedf6e5
                                            • Instruction ID: e6696c870a8f472e951e1b2e8277b7b114244663c75e5189ff1b9eef0f6f2f84
                                            • Opcode Fuzzy Hash: 68fb875449e4cc42c6dca594d0758b07764563a79b01867c82de9594eaedf6e5
                                            • Instruction Fuzzy Hash: B0515DB5500205BFDB21AF61C9C8AAF7BFCFF09754F00482AF94596250DB38E9449B78
                                            APIs
                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 004A8592
                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85A2
                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85AD
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85BA
                                            • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85C8
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85D7
                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85E0
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85E7
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004A85F8
                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,004AFC38,?), ref: 004A8611
                                            • GlobalFree.KERNEL32(00000000), ref: 004A8621
                                            • GetObjectW.GDI32(?,00000018,?), ref: 004A8641
                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 004A8671
                                            • DeleteObject.GDI32(?), ref: 004A8699
                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004A86AF
                                            Similarity
                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                            • String ID:
                                            • API String ID: 3840717409-0
                                            • Opcode ID: 3109d90dc184fdbb912968a58aa33ab52785152fe92feac7fc2717fb69d8b838
                                            • Instruction ID: e6ec7d9842439c99f61616a9e84471a96dcc8ccf038acd46d5fdce04b350a222
                                            • Opcode Fuzzy Hash: 3109d90dc184fdbb912968a58aa33ab52785152fe92feac7fc2717fb69d8b838
                                            • Instruction Fuzzy Hash: DF41FA75A00208BFDB519FA5DC88EAB7BB8FF9A711F144069F905E7260DB349901CB68
                                            APIs
                                            • VariantInit.OLEAUT32(00000000), ref: 00481502
                                            • VariantCopy.OLEAUT32(?,?), ref: 0048150B
                                            • VariantClear.OLEAUT32(?), ref: 00481517
                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 004815FB
                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00481657
                                            • VariantInit.OLEAUT32(?), ref: 00481708
                                            • SysFreeString.OLEAUT32(?), ref: 0048178C
                                            • VariantClear.OLEAUT32(?), ref: 004817D8
                                            • VariantClear.OLEAUT32(?), ref: 004817E7
                                            • VariantInit.OLEAUT32(00000000), ref: 00481823
                                            Strings
                                            Similarity
                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                            • API String ID: 1234038744-3931177956
                                            • Opcode ID: 8626206c736955df7ae1993ca3d08af2af09fa440c0c0578b02da9b46500e2d1
                                            • Instruction ID: 1e7e7bfefe4b90ca68e4988ad8633cfb91fafc46916d762e6377b0326fef6c0c
                                            • Opcode Fuzzy Hash: 8626206c736955df7ae1993ca3d08af2af09fa440c0c0578b02da9b46500e2d1
                                            • Instruction Fuzzy Hash: 62D11571600111EBDB00AF69E884B7DB7B9BF45700F50886BF446AB2A0DB38DC47DB5A
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 0049C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0049B6AE,?,?), ref: 0049C9B5
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049C9F1
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA68
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0049B6F4
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0049B772
                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 0049B80A
                                            • RegCloseKey.ADVAPI32(?), ref: 0049B87E
                                            • RegCloseKey.ADVAPI32(?), ref: 0049B89C
                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0049B8F2
                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0049B904
                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0049B922
                                            • FreeLibrary.KERNEL32(00000000), ref: 0049B983
                                            • RegCloseKey.ADVAPI32(00000000), ref: 0049B994
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                            • API String ID: 146587525-4033151799
                                            • Opcode ID: f4dfe2cbd5043bef8a05754c3a9d85b1d30be51a35c1f5ef1db0f3418d6acc88
                                            • Instruction ID: fa615ed0b01782387e58b718d2a11691133ab1bdceb8145f8568586ea849ea40
                                            • Opcode Fuzzy Hash: f4dfe2cbd5043bef8a05754c3a9d85b1d30be51a35c1f5ef1db0f3418d6acc88
                                            • Instruction Fuzzy Hash: DAC18F70204201AFDB10DF15D594F2ABBE5FF84308F1485AEE5994B3A2C779EC46CB95
                                            APIs
                                            • GetDC.USER32(00000000), ref: 004925D8
                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004925E8
                                            • CreateCompatibleDC.GDI32(?), ref: 004925F4
                                            • SelectObject.GDI32(00000000,?), ref: 00492601
                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0049266D
                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 004926AC
                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 004926D0
                                            • SelectObject.GDI32(?,?), ref: 004926D8
                                            • DeleteObject.GDI32(?), ref: 004926E1
                                            • DeleteDC.GDI32(?), ref: 004926E8
                                            • ReleaseDC.USER32(00000000,?), ref: 004926F3
                                            Strings
                                            Similarity
                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                            • String ID: (
                                            • API String ID: 2598888154-3887548279
                                            • Opcode ID: 3a7b9a2c49888b48c95b74bf81d4f26e4d17595392173c2c0c62dcee80cb7cd2
                                            • Instruction ID: afe30b257a05467c9fec05000a697a3f78429f877108e9f3009296d23cb2d67e
                                            • Opcode Fuzzy Hash: 3a7b9a2c49888b48c95b74bf81d4f26e4d17595392173c2c0c62dcee80cb7cd2
                                            • Instruction Fuzzy Hash: 6561D1B5E00219EFCF05CFA4D984AAEBBB5FF48310F20852AE955A7250E774A941CF94
                                            APIs
                                            • ___free_lconv_mon.LIBCMT ref: 0044DAA1
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D659
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D66B
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D67D
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D68F
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D6A1
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D6B3
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D6C5
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D6D7
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D6E9
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D6FB
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D70D
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D71F
                                              • Part of subcall function 0044D63C: _free.LIBCMT ref: 0044D731
                                            • _free.LIBCMT ref: 0044DA96
                                              • Part of subcall function 004429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000), ref: 004429DE
                                              • Part of subcall function 004429C8: GetLastError.KERNEL32(00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000,00000000), ref: 004429F0
                                            • _free.LIBCMT ref: 0044DAB8
                                            • _free.LIBCMT ref: 0044DACD
                                            • _free.LIBCMT ref: 0044DAD8
                                            • _free.LIBCMT ref: 0044DAFA
                                            • _free.LIBCMT ref: 0044DB0D
                                            • _free.LIBCMT ref: 0044DB1B
                                            • _free.LIBCMT ref: 0044DB26
                                            • _free.LIBCMT ref: 0044DB5E
                                            • _free.LIBCMT ref: 0044DB65
                                            • _free.LIBCMT ref: 0044DB82
                                            • _free.LIBCMT ref: 0044DB9A
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                            • String ID:
                                            • API String ID: 161543041-0
                                            • Opcode ID: c105ba9458f2702fb0df8d2a44a6a4991dc3ad4c0ac3a8d1d5cfe33d60b762af
                                            • Instruction ID: 0fbc7f903a6bfa94f2bcc192590e3471ce0bd6f3987e2933896b359906d1fcbb
                                            • Opcode Fuzzy Hash: c105ba9458f2702fb0df8d2a44a6a4991dc3ad4c0ac3a8d1d5cfe33d60b762af
                                            • Instruction Fuzzy Hash: 51316AB1A046459FFB21AA3AE945B5BB7E9FF00314F51442BF049D7291DA78AC40C728
                                            APIs
                                            • GetClassNameW.USER32(?,?,00000100), ref: 0047369C
                                            • _wcslen.LIBCMT ref: 004736A7
                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00473797
                                            • GetClassNameW.USER32(?,?,00000400), ref: 0047380C
                                            • GetDlgCtrlID.USER32(?), ref: 0047385D
                                            • GetWindowRect.USER32(?,?), ref: 00473882
                                            • GetParent.USER32(?), ref: 004738A0
                                            • ScreenToClient.USER32(00000000), ref: 004738A7
                                            • GetClassNameW.USER32(?,?,00000100), ref: 00473921
                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0047395D
                                            Strings
                                            Similarity
                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                            • String ID: %s%u
                                            • API String ID: 4010501982-679674701
                                            • Opcode ID: 3ee711676b9be292302927535824d43032d8a856ff6ed10647d211009fc797ff
                                            • Instruction ID: 7106b567ec3585191244bd828ee75418fe1e49136e2ca5b3a6696f0e1cf8f10d
                                            • Opcode Fuzzy Hash: 3ee711676b9be292302927535824d43032d8a856ff6ed10647d211009fc797ff
                                            • Instruction Fuzzy Hash: C691C3B1204206AFD718DF24C884BEBB7E8FF44315F00C52AFA9D82250DB38EA45DB95
                                            APIs
                                            • GetClassNameW.USER32(?,?,00000400), ref: 00474994
                                            • GetWindowTextW.USER32(?,?,00000400), ref: 004749DA
                                            • _wcslen.LIBCMT ref: 004749EB
                                            • CharUpperBuffW.USER32(?,00000000), ref: 004749F7
                                            • _wcsstr.LIBVCRUNTIME ref: 00474A2C
                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00474A64
                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00474A9D
                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00474AE6
                                            • GetClassNameW.USER32(?,?,00000400), ref: 00474B20
                                            • GetWindowRect.USER32(?,?), ref: 00474B8B
                                            Strings
                                            Similarity
                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                            • String ID: ThumbnailClass
                                            • API String ID: 1311036022-1241985126
                                            • Opcode ID: a241618ee9a1aff6ab3c65ff6abcf850d1e318a96d8ec44b4220d26f6d52b681
                                            • Instruction ID: 3e46f777533f94fe0d5f87b77e93d849d40ddff76415f2c031b173f9daee5041
                                            • Opcode Fuzzy Hash: a241618ee9a1aff6ab3c65ff6abcf850d1e318a96d8ec44b4220d26f6d52b681
                                            • Instruction Fuzzy Hash: 0D91AC711042059FDB05DE14C981BFBB7E8EF84314F04846BED899A296DB38ED45CBAA
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 004A8D5A
                                            • GetFocus.USER32 ref: 004A8D6A
                                            • GetDlgCtrlID.USER32(00000000), ref: 004A8D75
                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 004A8E1D
                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 004A8ECF
                                            • GetMenuItemCount.USER32(?), ref: 004A8EEC
                                            • GetMenuItemID.USER32(?,00000000), ref: 004A8EFC
                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 004A8F2E
                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 004A8F70
                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 004A8FA1
                                            Strings
                                            Similarity
                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                            • String ID: 0
                                            • API String ID: 1026556194-4108050209
                                            • Opcode ID: e21fcf7b60c83f04b29851fbad66ca4c8a4a08aa3ddc92d9557dc62ea327dbbf
                                            • Instruction ID: a1483002659df2c769b64139de1c9b98ef7785f78553308075a25c6b183a3a62
                                            • Opcode Fuzzy Hash: e21fcf7b60c83f04b29851fbad66ca4c8a4a08aa3ddc92d9557dc62ea327dbbf
                                            • Instruction Fuzzy Hash: 2C81B371504311AFDB10CF24D884A6BBBE9FFAA314F14092EF985D7291DB78D901CB69
                                            APIs
                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0047DC20
                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0047DC46
                                            • _wcslen.LIBCMT ref: 0047DC50
                                            • _wcsstr.LIBVCRUNTIME ref: 0047DCA0
                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0047DCBC
                                            Strings
                                            Similarity
                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                            • API String ID: 1939486746-1459072770
                                            • Opcode ID: 300eaed5fc5c511edc1b13edd37aecc3def2b8c39b6ed8e627b46ca1a051e89d
                                            • Instruction ID: b3fee1bfc6078b955bec20cc79ca37a490acab5d2dd6c5a520f950a9bc8bd273
                                            • Opcode Fuzzy Hash: 300eaed5fc5c511edc1b13edd37aecc3def2b8c39b6ed8e627b46ca1a051e89d
                                            • Instruction Fuzzy Hash: A8412432A402107ADB15A661AC83FFF37BCDF5A714F50406FF904A2182EB7DA90197AD
                                            APIs
                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0049CC64
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0049CC8D
                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0049CD48
                                              • Part of subcall function 0049CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0049CCAA
                                              • Part of subcall function 0049CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0049CCBD
                                              • Part of subcall function 0049CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0049CCCF
                                              • Part of subcall function 0049CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0049CD05
                                              • Part of subcall function 0049CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0049CD28
                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0049CCF3
                                            Strings
                                            Similarity
                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                            • API String ID: 2734957052-4033151799
                                            • Opcode ID: 96e21358bb9ea3f98390cb7f73ff936c887cce294f6a27e653639b81f8fa2f58
                                            • Instruction ID: 7538443a2070a75c8f6738d5cf86d3d8f676141747eedc8856924e3f1a3f32c1
                                            • Opcode Fuzzy Hash: 96e21358bb9ea3f98390cb7f73ff936c887cce294f6a27e653639b81f8fa2f58
                                            • Instruction Fuzzy Hash: 1B316071A41129BBDB209B95DCC8EFFBF7CEF46754F000176F905E2240D6389E459AA8
                                            APIs
                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00483D40
                                            • _wcslen.LIBCMT ref: 00483D6D
                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00483D9D
                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00483DBE
                                            • RemoveDirectoryW.KERNEL32(?), ref: 00483DCE
                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00483E55
                                            • CloseHandle.KERNEL32(00000000), ref: 00483E60
                                            • CloseHandle.KERNEL32(00000000), ref: 00483E6B
                                            Strings
                                            Similarity
                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                            • String ID: :$\$\??\%s
                                            • API String ID: 1149970189-3457252023
                                            • Opcode ID: 80ac30bf395c0d8dca7af9d18548eadca34b56373005702233e20461d83ba766
                                            • Instruction ID: 01218be2fc8f2de56f93013dde21c61150c6cbe48c7afecb1293de8e9cae7b58
                                            • Opcode Fuzzy Hash: 80ac30bf395c0d8dca7af9d18548eadca34b56373005702233e20461d83ba766
                                            • Instruction Fuzzy Hash: 6B31B6729001096BDB21AFA0DC85FEF37BCEF89B05F1044B6F905D6150EB7897458B28
                                            APIs
                                            • timeGetTime.WINMM ref: 0047E6B4
                                              • Part of subcall function 0042E551: timeGetTime.WINMM(?,?,0047E6D4), ref: 0042E555
                                            • Sleep.KERNEL32(0000000A), ref: 0047E6E1
                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0047E705
                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0047E727
                                            • SetActiveWindow.USER32 ref: 0047E746
                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0047E754
                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0047E773
                                            • Sleep.KERNEL32(000000FA), ref: 0047E77E
                                            • IsWindow.USER32 ref: 0047E78A
                                            • EndDialog.USER32(00000000), ref: 0047E79B
                                            Strings
                                            Similarity
                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                            • String ID: BUTTON
                                            • API String ID: 1194449130-3405671355
                                            • Opcode ID: 0ce4e31316d84ee1a9df28ce108d7ae3b03154ccf470b9ad86f47536e608884c
                                            • Instruction ID: 494c76b985108189b84701e682c771b886766d41e0b061f8c7d00f00864028ea
                                            • Opcode Fuzzy Hash: 0ce4e31316d84ee1a9df28ce108d7ae3b03154ccf470b9ad86f47536e608884c
                                            • Instruction Fuzzy Hash: 0121D4B0200244AFEB105F36EDC9A663F6DF71A349F108676F409952B2DBB5AC009A2C
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0047EA5D
                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0047EA73
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0047EA84
                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0047EA96
                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0047EAA7
                                            Strings
                                            Similarity
                                            • API ID: SendString$_wcslen
                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                            • API String ID: 2420728520-1007645807
                                            • Opcode ID: df8e3da0a5e259090cab6440a6af7588a6aaf42412739cb9de69359772a0b638
                                            • Instruction ID: 185efa22bfd07092d35c6ad2d555b2b30407d90891556a1a8f714cf41da1f940
                                            • Opcode Fuzzy Hash: df8e3da0a5e259090cab6440a6af7588a6aaf42412739cb9de69359772a0b638
                                            • Instruction Fuzzy Hash: 6E11E370A9021979D720A7A2DC6AEFF6B7CEBC1F04F10046BB801A21D0EE781D45C9B8
                                            APIs
                                            • GetDlgItem.USER32(?,00000001), ref: 00475CE2
                                            • GetWindowRect.USER32(00000000,?), ref: 00475CFB
                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00475D59
                                            • GetDlgItem.USER32(?,00000002), ref: 00475D69
                                            • GetWindowRect.USER32(00000000,?), ref: 00475D7B
                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00475DCF
                                            • GetDlgItem.USER32(?,000003E9), ref: 00475DDD
                                            • GetWindowRect.USER32(00000000,?), ref: 00475DEF
                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00475E31
                                            • GetDlgItem.USER32(?,000003EA), ref: 00475E44
                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00475E5A
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00475E67
                                            Similarity
                                            • API ID: Window$ItemMoveRect$Invalidate
                                            • String ID:
                                            • API String ID: 3096461208-0
                                            • Opcode ID: 85fce70f1bc3c6a58b00dbe9f269ff0012521eeb4d645d9ced75c338d75638a7
                                            • Instruction ID: 7af9dc3cde50717f7a15d0e0f9f9ffc130238e322a778124ca07208abb8f559d
                                            • Opcode Fuzzy Hash: 85fce70f1bc3c6a58b00dbe9f269ff0012521eeb4d645d9ced75c338d75638a7
                                            • Instruction Fuzzy Hash: 3C510E71B00605AFDF18CFA8DD89AAEBBB5FB48300F548129F519E7290D7749E04CB54
                                            APIs
                                              • Part of subcall function 00428F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00428BE8,?,00000000,?,?,?,?,00428BBA,00000000,?), ref: 00428FC5
                                            • DestroyWindow.USER32(?), ref: 00428C81
                                            • KillTimer.USER32(00000000,?,?,?,?,00428BBA,00000000,?), ref: 00428D1B
                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00466973
                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00428BBA,00000000,?), ref: 004669A1
                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00428BBA,00000000,?), ref: 004669B8
                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00428BBA,00000000), ref: 004669D4
                                            • DeleteObject.GDI32(00000000), ref: 004669E6
                                            Similarity
                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                            • String ID:
                                            • API String ID: 641708696-0
                                            • Opcode ID: d312ec482637de34eab6c8cb0abf800ef1d87be553b45fe41c1f9b4440f380c5
                                            • Instruction ID: 6c6c78c700273877c720b5be97dd70d0af4906cd395b8db5d91e4763b518ce99
                                            • Opcode Fuzzy Hash: d312ec482637de34eab6c8cb0abf800ef1d87be553b45fe41c1f9b4440f380c5
                                            • Instruction Fuzzy Hash: FA61C170202620DFDB219F15EA88B2A7BF1FB41316F55452EE0429B671CB39AC81CF9D
                                            APIs
                                              • Part of subcall function 00429944: GetWindowLongW.USER32(?,000000EB), ref: 00429952
                                            • GetSysColor.USER32(0000000F), ref: 00429862
                                            Similarity
                                            • API ID: ColorLongWindow
                                            • String ID:
                                            • API String ID: 259745315-0
                                            • Opcode ID: 5a4886a40c9aaeaf3bb6ae34570c01d04d3e4fd7cde98486b7776afaba0a22ec
                                            • Instruction ID: f874ee9d2f2be3fd10760c2b7717790b9c456f1175dcccdab44d2fb6697bf3e7
                                            • Opcode Fuzzy Hash: 5a4886a40c9aaeaf3bb6ae34570c01d04d3e4fd7cde98486b7776afaba0a22ec
                                            • Instruction Fuzzy Hash: 1741FA31600650AFDB206F38AC84BBA3B65EB17330F584656F9A2873E2D7349C42DB19
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .C
                                            • API String ID: 0-1181961956
                                            • Opcode ID: 9b58f5dabe3077509171e732bff81eb824458f57b6083445ac5ab056f66e97ef
                                            • Instruction ID: eb9610bd3511200ec6d90fa95a5c7e010e857ca5343351805dd7b5ce85707d63
                                            • Opcode Fuzzy Hash: 9b58f5dabe3077509171e732bff81eb824458f57b6083445ac5ab056f66e97ef
                                            • Instruction Fuzzy Hash: 1EC1F474D04249AFEF11DFA9D841BAFBBB0AF09314F14409AF814A7392C7798D42DB69
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0045F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00479717
                                            • LoadStringW.USER32(00000000,?,0045F7F8,00000001), ref: 00479720
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0045F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00479742
                                            • LoadStringW.USER32(00000000,?,0045F7F8,00000001), ref: 00479745
                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00479866
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: HandleLoadModuleString$Message_wcslen
                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                            • API String ID: 747408836-2268648507
                                            • Opcode ID: 3ee9530a851cd0c7f38de4390686cf59642ea22bf7a459988ec1dc21611975c2
                                            • Instruction ID: 47649ed6707ce6315a6fb9766a92006ead74d56158a65ab5c8854d2702f008b9
                                            • Opcode Fuzzy Hash: 3ee9530a851cd0c7f38de4390686cf59642ea22bf7a459988ec1dc21611975c2
                                            • Instruction Fuzzy Hash: A1416572800119AADF04FBE1CD96DEE7778AF15744F50402BF60572192EB396F88CB69
                                            APIs
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004707A2
                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004707BE
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 004707DA
                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00470804
                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0047082C
                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00470837
                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0047083C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                            • API String ID: 323675364-22481851
                                            • Opcode ID: 2105aacdd6c737f33dc8ded460abfac6fe9d8952a66773c56c8a4bb317b591c2
                                            • Instruction ID: 971b3f1af4e9c7bad6bcaabeef2f6bc07191664b0645e154af9b29989f684920
                                            • Opcode Fuzzy Hash: 2105aacdd6c737f33dc8ded460abfac6fe9d8952a66773c56c8a4bb317b591c2
                                            • Instruction Fuzzy Hash: 0C413B71C11228EBCF15EFA4DC95CEEB778BF04354F15412AE905A3260EB38AE44CB94
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 00493C5C
                                            • CoInitialize.OLE32(00000000), ref: 00493C8A
                                            • CoUninitialize.OLE32 ref: 00493C94
                                            • _wcslen.LIBCMT ref: 00493D2D
                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00493DB1
                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00493ED5
                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00493F0E
                                            • CoGetObject.OLE32(?,00000000,004AFB98,?), ref: 00493F2D
                                            • SetErrorMode.KERNEL32(00000000), ref: 00493F40
                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00493FC4
                                            • VariantClear.OLEAUT32(?), ref: 00493FD8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                            • String ID:
                                            • API String ID: 429561992-0
                                            • Opcode ID: bd28a41bbed7338230c01f431dd6a8a5859c679330a8b047e730b4abd573d918
                                            • Instruction ID: f46ce77e6ea40ec39aeecf3c65ce7f6ba73e3857271a89658ab5552a3a1d6a17
                                            • Opcode Fuzzy Hash: bd28a41bbed7338230c01f431dd6a8a5859c679330a8b047e730b4abd573d918
                                            • Instruction Fuzzy Hash: 23C158716083059FCB00DF65C88496BBBE9FF8A749F00496EF98A9B210D734EE05CB56
                                            APIs
                                            • CoInitialize.OLE32(00000000), ref: 00487AF3
                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00487B8F
                                            • SHGetDesktopFolder.SHELL32(?), ref: 00487BA3
                                            • CoCreateInstance.OLE32(004AFD08,00000000,00000001,004D6E6C,?), ref: 00487BEF
                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00487C74
                                            • CoTaskMemFree.OLE32(?,?), ref: 00487CCC
                                            • SHBrowseForFolderW.SHELL32(?), ref: 00487D57
                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00487D7A
                                            • CoTaskMemFree.OLE32(00000000), ref: 00487D81
                                            • CoTaskMemFree.OLE32(00000000), ref: 00487DD6
                                            • CoUninitialize.OLE32 ref: 00487DDC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                            • String ID:
                                            • API String ID: 2762341140-0
                                            • Opcode ID: efcc640d957c25b3a10b525922995246019e9a07ca1142fec73a4f09533f244c
                                            • Instruction ID: 88d8fb7e9a5a88090902244ea6af08d937b7dc800ece08ee49cd5c22bb9600be
                                            • Opcode Fuzzy Hash: efcc640d957c25b3a10b525922995246019e9a07ca1142fec73a4f09533f244c
                                            • Instruction Fuzzy Hash: 73C13D75A04105AFCB14EFA4C894DAEBBF9FF48308B1484A9E81ADB361D734ED41CB94
                                            APIs
                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 004A5504
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004A5515
                                            • CharNextW.USER32(00000158), ref: 004A5544
                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 004A5585
                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 004A559B
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004A55AC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$CharNext
                                            • String ID:
                                            • API String ID: 1350042424-0
                                            • Opcode ID: 2efb1f7c96c8081bb18d15c9847767f811f787cce9b19fadcfeee2f16e489ed0
                                            • Instruction ID: 886126b4b6221783a70d92fb59f16fe1a659533b40aeb0ed112194b5baff34cd
                                            • Opcode Fuzzy Hash: 2efb1f7c96c8081bb18d15c9847767f811f787cce9b19fadcfeee2f16e489ed0
                                            • Instruction Fuzzy Hash: F161BE71900608FBDF10DF54CD84AFF3BB9EB2B320F104156F925AA291D7388A81DB69
                                            APIs
                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0046FAAF
                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0046FB08
                                            • VariantInit.OLEAUT32(?), ref: 0046FB1A
                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0046FB3A
                                            • VariantCopy.OLEAUT32(?,?), ref: 0046FB8D
                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0046FBA1
                                            • VariantClear.OLEAUT32(?), ref: 0046FBB6
                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0046FBC3
                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0046FBCC
                                            • VariantClear.OLEAUT32(?), ref: 0046FBDE
                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0046FBE9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                            • String ID:
                                            • API String ID: 2706829360-0
                                            • Opcode ID: c215a2eadedc096187399e35b036147ca007a2358cc53a2e26fafaf8e74fc690
                                            • Instruction ID: 69da9d415d22f4735617171077b00187f906dca4e4e7837b33ff6fada278e84d
                                            • Opcode Fuzzy Hash: c215a2eadedc096187399e35b036147ca007a2358cc53a2e26fafaf8e74fc690
                                            • Instruction Fuzzy Hash: E9417275A002199FCB00DF64D8949EEBFB9FF49344F00807AE945A7261DB34E945CF99
                                            APIs
                                            • GetKeyboardState.USER32(?), ref: 00479CA1
                                            • GetAsyncKeyState.USER32(000000A0), ref: 00479D22
                                            • GetKeyState.USER32(000000A0), ref: 00479D3D
                                            • GetAsyncKeyState.USER32(000000A1), ref: 00479D57
                                            • GetKeyState.USER32(000000A1), ref: 00479D6C
                                            • GetAsyncKeyState.USER32(00000011), ref: 00479D84
                                            • GetKeyState.USER32(00000011), ref: 00479D96
                                            • GetAsyncKeyState.USER32(00000012), ref: 00479DAE
                                            • GetKeyState.USER32(00000012), ref: 00479DC0
                                            • GetAsyncKeyState.USER32(0000005B), ref: 00479DD8
                                            • GetKeyState.USER32(0000005B), ref: 00479DEA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: State$Async$Keyboard
                                            • String ID:
                                            • API String ID: 541375521-0
                                            • Opcode ID: 7496078645f185c8b955c02ad3bdb58ae11c5035c34322887f17f5e42b53c589
                                            • Instruction ID: 105258d4d7e9098a205df19608756355a8728712edbacb0a07328e843bb98f96
                                            • Opcode Fuzzy Hash: 7496078645f185c8b955c02ad3bdb58ae11c5035c34322887f17f5e42b53c589
                                            • Instruction Fuzzy Hash: 9F41D8345047C96DFF71866484443F7BEA16B12344F08C05BDACA567C2EBAC9DC8C79A
                                            APIs
                                            • WSAStartup.WSOCK32(00000101,?), ref: 004905BC
                                            • inet_addr.WSOCK32(?), ref: 0049061C
                                            • gethostbyname.WSOCK32(?), ref: 00490628
                                            • IcmpCreateFile.IPHLPAPI ref: 00490636
                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 004906C6
                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 004906E5
                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 004907B9
                                            • WSACleanup.WSOCK32 ref: 004907BF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                            • String ID: Ping
                                            • API String ID: 1028309954-2246546115
                                            • Opcode ID: 53f1adc4460936a8435b62b255cd9b17c6f6373eb999eeb781664c73fc01e50c
                                            • Instruction ID: d698bc833c7678b93aeb067f8947c4fc809515c985cc515df99e0be90776a55b
                                            • Opcode Fuzzy Hash: 53f1adc4460936a8435b62b255cd9b17c6f6373eb999eeb781664c73fc01e50c
                                            • Instruction Fuzzy Hash: 49917E35604201AFDB20DF15D488F1ABFE0AF44328F1585AAE4698B7A2C738ED85CF95
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$BuffCharLower
                                            • String ID: cdecl$none$stdcall$winapi
                                            • API String ID: 707087890-567219261
                                            • Opcode ID: 2988b8d1db754f97fcb01959b2ec187e4289b9debbd9552d54519e9fb1cf070f
                                            • Instruction ID: f2321c66c4dea0c95bd39490f25074e66ef5b59c05288e109135086d3958da2f
                                            • Opcode Fuzzy Hash: 2988b8d1db754f97fcb01959b2ec187e4289b9debbd9552d54519e9fb1cf070f
                                            • Instruction Fuzzy Hash: 9F519071A001169BCF14DF6DC9609BEBBA5AF66324B21423FE426E7384DB39DD40C798
                                            APIs
                                            • CoInitialize.OLE32 ref: 00493774
                                            • CoUninitialize.OLE32 ref: 0049377F
                                            • CoCreateInstance.OLE32(?,00000000,00000017,004AFB78,?), ref: 004937D9
                                            • IIDFromString.OLE32(?,?), ref: 0049384C
                                            • VariantInit.OLEAUT32(?), ref: 004938E4
                                            • VariantClear.OLEAUT32(?), ref: 00493936
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                            • API String ID: 636576611-1287834457
                                            • Opcode ID: 1e76311899763007a6a4355971e6b500c6099e01768a07ff98e4a84797a443ce
                                            • Instruction ID: c09ade78cfc8693cfbb62d65456be79016457365495fb0cb24c547c6a8c76256
                                            • Opcode Fuzzy Hash: 1e76311899763007a6a4355971e6b500c6099e01768a07ff98e4a84797a443ce
                                            • Instruction Fuzzy Hash: 6561B070608301AFD710EF55C888B6ABBE4EF4A705F10486FF58597291C778EE49CB9A
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                              • Part of subcall function 0042912D: GetCursorPos.USER32(?), ref: 00429141
                                              • Part of subcall function 0042912D: ScreenToClient.USER32(00000000,?), ref: 0042915E
                                              • Part of subcall function 0042912D: GetAsyncKeyState.USER32(00000001), ref: 00429183
                                              • Part of subcall function 0042912D: GetAsyncKeyState.USER32(00000002), ref: 0042919D
                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 004A8B6B
                                            • ImageList_EndDrag.COMCTL32 ref: 004A8B71
                                            • ReleaseCapture.USER32 ref: 004A8B77
                                            • SetWindowTextW.USER32(?,00000000), ref: 004A8C12
                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 004A8C25
                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 004A8CFF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#N
                                            • API String ID: 1924731296-3991093434
                                            • Opcode ID: 322615d0942eabc3864a1c1e2ae3c6127e373fcdfad9751ef11f115f88f5980e
                                            • Instruction ID: 47c12726a45359ca2c067fea2545401927e23d90b7c28c502135f77aac93ccd2
                                            • Opcode Fuzzy Hash: 322615d0942eabc3864a1c1e2ae3c6127e373fcdfad9751ef11f115f88f5980e
                                            • Instruction Fuzzy Hash: 33518B70204200AFD704EF15DC95FAA77E4FB89714F400A2EF996572E2DB789D44CB6A
                                            APIs
                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 004833CF
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 004833F0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: LoadString$_wcslen
                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                            • API String ID: 4099089115-3080491070
                                            • Opcode ID: 1142c04a9c81701bb75aae4beb97b563b64bd2f7e18b9087fe87dddb4fc3f9c0
                                            • Instruction ID: 7695c21b8b36afe79131069c5ec5d0ca14b9c4d6ae953ec27149b8bd75fa862b
                                            • Opcode Fuzzy Hash: 1142c04a9c81701bb75aae4beb97b563b64bd2f7e18b9087fe87dddb4fc3f9c0
                                            • Instruction Fuzzy Hash: D051D471900209BADF14EBE1CD52EEEB778AF04744F20446BF50572162EB392F98DB68
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$BuffCharUpper
                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                            • API String ID: 1256254125-769500911
                                            • Opcode ID: 05988ba4a17b9c84888d3bbc0106db6ad0fca6b2443a379f5b7f8fc0d0f0e533
                                            • Instruction ID: 414aed57adbb56d44630540c850783c453eb60b242e3bbd21be030ebb81c53ac
                                            • Opcode Fuzzy Hash: 05988ba4a17b9c84888d3bbc0106db6ad0fca6b2443a379f5b7f8fc0d0f0e533
                                            • Instruction Fuzzy Hash: 31412A32A001269ACB106F7D88906FF77A1EFA0758B24812BE629D7384E73DCD81C3D5
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 004853A0
                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00485416
                                            • GetLastError.KERNEL32 ref: 00485420
                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 004854A7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Error$Mode$DiskFreeLastSpace
                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                            • API String ID: 4194297153-14809454
                                            • Opcode ID: 8dafa5648ace807a1cbe3412b834b70b3b72cad942207dffd6dc4ceda2610241
                                            • Instruction ID: cbe64af34b405703c3480dd1aee301c646ac5b5423df9dc3eb6c89aac84d6b26
                                            • Opcode Fuzzy Hash: 8dafa5648ace807a1cbe3412b834b70b3b72cad942207dffd6dc4ceda2610241
                                            • Instruction Fuzzy Hash: 0231CE35A002049FDB10EF68C484BAEBBB4EF45709F14846BE405CB392DB79DD82CB95
                                            APIs
                                            • CreateMenu.USER32 ref: 004A3C79
                                            • SetMenu.USER32(?,00000000), ref: 004A3C88
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004A3D10
                                            • IsMenu.USER32(?), ref: 004A3D24
                                            • CreatePopupMenu.USER32 ref: 004A3D2E
                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004A3D5B
                                            • DrawMenuBar.USER32 ref: 004A3D63
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                            • String ID: 0$F
                                            • API String ID: 161812096-3044882817
                                            • Opcode ID: 61bf1a0c13cbfdcf9b5887dc7343f0fc2790829543ca24696400371479a97c1a
                                            • Instruction ID: 88367d0572a9587ccdce4249f6a151579d92679bdd64667a54bb18dfb3d73e06
                                            • Opcode Fuzzy Hash: 61bf1a0c13cbfdcf9b5887dc7343f0fc2790829543ca24696400371479a97c1a
                                            • Instruction Fuzzy Hash: 28417EB5A01209EFDB14CF64D884ADA7BB5FF5A351F14002AF946A7360E734AA10CF58
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 00473CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00473CCA
                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00471F64
                                            • GetDlgCtrlID.USER32 ref: 00471F6F
                                            • GetParent.USER32 ref: 00471F8B
                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00471F8E
                                            • GetDlgCtrlID.USER32(?), ref: 00471F97
                                            • GetParent.USER32(?), ref: 00471FAB
                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00471FAE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 711023334-1403004172
                                            • Opcode ID: 2482581fa915c43a01fffc99b3093fe117c9891835abd700e5ce3564698c1547
                                            • Instruction ID: 911ac598e1d5e5cae51a6700bafdf9c31b3e101bcb7c18fb55eda3b226416f2b
                                            • Opcode Fuzzy Hash: 2482581fa915c43a01fffc99b3093fe117c9891835abd700e5ce3564698c1547
                                            • Instruction Fuzzy Hash: CE21C271900214BBCF15EFA4CC95EEEBBB8EF06354B10411BF965672A1DB385904DB68
                                            APIs
                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004A3A9D
                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004A3AA0
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A3AC7
                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004A3AEA
                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 004A3B62
                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 004A3BAC
                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004A3BC7
                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 004A3BE2
                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 004A3BF6
                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 004A3C13
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$LongWindow
                                            • String ID:
                                            • API String ID: 312131281-0
                                            • Opcode ID: 8750fad242930c77f0ba0a5b7088109129fc0be0950115208b9d46647844f1c6
                                            • Instruction ID: 9b9b1362c474cf40edbbecfd28caa1ac6b822cdd5dbcf18cdb8d3d0f30ad3c48
                                            • Opcode Fuzzy Hash: 8750fad242930c77f0ba0a5b7088109129fc0be0950115208b9d46647844f1c6
                                            • Instruction Fuzzy Hash: 04619F75900248AFDB10DF64CC81EEE77F8EB19314F1000AAFA05A73A2D774AE45DB54
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 0047B151
                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B165
                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0047B16C
                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B17B
                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0047B18D
                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B1A6
                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B1B8
                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B1FD
                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B212
                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0047A1E1,?,00000001), ref: 0047B21D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                            • String ID:
                                            • API String ID: 2156557900-0
                                            • Opcode ID: 83c3472da5634ea67357a083ed23f30d82bf44ddcd5c52161906f8a17ba07ca0
                                            • Instruction ID: 60138c64cf79c9cf67be6e330ec5055d278779b652c5cf4ab33331a845a62410
                                            • Opcode Fuzzy Hash: 83c3472da5634ea67357a083ed23f30d82bf44ddcd5c52161906f8a17ba07ca0
                                            • Instruction Fuzzy Hash: 8731A271540204AFDB119F64DC8CBAE7B69EB51356F108466FA08DB251D7789E008FAC
                                            APIs
                                            • _free.LIBCMT ref: 00442C94
                                              • Part of subcall function 004429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000), ref: 004429DE
                                              • Part of subcall function 004429C8: GetLastError.KERNEL32(00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000,00000000), ref: 004429F0
                                            • _free.LIBCMT ref: 00442CA0
                                            • _free.LIBCMT ref: 00442CAB
                                            • _free.LIBCMT ref: 00442CB6
                                            • _free.LIBCMT ref: 00442CC1
                                            • _free.LIBCMT ref: 00442CCC
                                            • _free.LIBCMT ref: 00442CD7
                                            • _free.LIBCMT ref: 00442CE2
                                            • _free.LIBCMT ref: 00442CED
                                            • _free.LIBCMT ref: 00442CFB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: baeddbe0655e94e118552a65794846ef528a4f51d5828953fe4ae3143878e0bf
                                            • Instruction ID: c4d3835c6e39c14024aa1b946a06c50d845e7d2803cfcb573c61ee3650419366
                                            • Opcode Fuzzy Hash: baeddbe0655e94e118552a65794846ef528a4f51d5828953fe4ae3143878e0bf
                                            • Instruction Fuzzy Hash: 6411FEB5200108BFEB02EF56DA42CDD3B65FF05354F81449AF9485F232D675EE509B54
                                            APIs
                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00487FAD
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00487FC1
                                            • GetFileAttributesW.KERNEL32(?), ref: 00487FEB
                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00488005
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00488017
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00488060
                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 004880B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CurrentDirectory$AttributesFile
                                            • String ID: *.*
                                            • API String ID: 769691225-438819550
                                            • Opcode ID: 75ed41fe40df109effce1867840db597d0068e9624acc88efec2f2c0e749759e
                                            • Instruction ID: 60776df3a2aa20ebd64d375f27d7d87eae9c9b1fdb66f3cae49938412a292d9a
                                            • Opcode Fuzzy Hash: 75ed41fe40df109effce1867840db597d0068e9624acc88efec2f2c0e749759e
                                            • Instruction Fuzzy Hash: 8B8190725082019BCB20EF15C8949BFB7E8AF89314F644C5FF889D7250EB38DD458B5A
                                            APIs
                                            • SetWindowLongW.USER32(?,000000EB), ref: 00415C7A
                                              • Part of subcall function 00415D0A: GetClientRect.USER32(?,?), ref: 00415D30
                                              • Part of subcall function 00415D0A: GetWindowRect.USER32(?,?), ref: 00415D71
                                              • Part of subcall function 00415D0A: ScreenToClient.USER32(?,?), ref: 00415D99
                                            • GetDC.USER32 ref: 004546F5
                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00454708
                                            • SelectObject.GDI32(00000000,00000000), ref: 00454716
                                            • SelectObject.GDI32(00000000,00000000), ref: 0045472B
                                            • ReleaseDC.USER32(?,00000000), ref: 00454733
                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 004547C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                            • String ID: U
                                            • API String ID: 4009187628-3372436214
                                            • Opcode ID: 35b70a7b7996833853d03c08335a8f43a9e06e71ff8c86c7ce4ac674f8b758aa
                                            • Instruction ID: 887fb8666af04f3ee60c595cc3ab95fc0868f9ada7a6041cbaf17a9e9da7969d
                                            • Opcode Fuzzy Hash: 35b70a7b7996833853d03c08335a8f43a9e06e71ff8c86c7ce4ac674f8b758aa
                                            • Instruction Fuzzy Hash: E171DE34400205DFCF218F64C984AEA3BB1FF8A32AF14426BED555E267D7388886DF58
                                            APIs
                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 004835E4
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • LoadStringW.USER32(004E2390,?,00000FFF,?), ref: 0048360A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: LoadString$_wcslen
                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                            • API String ID: 4099089115-2391861430
                                            • Opcode ID: 6829c1961d2d7a976b95a72771c5281948a3b144cbd59cc3e9a777d504f96c59
                                            • Instruction ID: 4c2bca62849440ba06ab7cf45b7e745419e897b1c1e1e03a16b17439adab886e
                                            • Opcode Fuzzy Hash: 6829c1961d2d7a976b95a72771c5281948a3b144cbd59cc3e9a777d504f96c59
                                            • Instruction Fuzzy Hash: E5517071800209AADF14EFA1CC92EEEBB35AF04745F14452BF505721A1EB386AD9DF68
                                            APIs
                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0048C272
                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0048C29A
                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0048C2CA
                                            • GetLastError.KERNEL32 ref: 0048C322
                                            • SetEvent.KERNEL32(?), ref: 0048C336
                                            • InternetCloseHandle.WININET(00000000), ref: 0048C341
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                            • String ID:
                                            • API String ID: 3113390036-3916222277
                                            • Opcode ID: 74b0636c93e256869bad559c5974195124dd36c9636d8b7d25542fd185a0c4db
                                            • Instruction ID: dcca571e5fa73f26138b9223ec9660c497b26d26be665a6c4ee5f2301c3f81ee
                                            • Opcode Fuzzy Hash: 74b0636c93e256869bad559c5974195124dd36c9636d8b7d25542fd185a0c4db
                                            • Instruction Fuzzy Hash: 6A316F71500604AFD721AF6598C4AAF7BFCEB49744B10892FF84692240DB38DD059B79
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00453AAF,?,?,Bad directive syntax error,004ACC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 004798BC
                                            • LoadStringW.USER32(00000000,?,00453AAF,?), ref: 004798C3
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00479987
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: HandleLoadMessageModuleString_wcslen
                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                            • API String ID: 858772685-4153970271
                                            • Opcode ID: fa06d9b2b9ad3f3bd0e7f2c0e597206f5bd85a688edb2dc1f3b8ae400d4d489b
                                            • Instruction ID: 5e73d1bf454e12fe2114cdb077473c7e2ec109ca6bea76091fc6e4f3dc4d1393
                                            • Opcode Fuzzy Hash: fa06d9b2b9ad3f3bd0e7f2c0e597206f5bd85a688edb2dc1f3b8ae400d4d489b
                                            • Instruction Fuzzy Hash: BA21B47190021EBBDF11AF90CC16EEE7775FF14704F04442BF915621A2EB39AA68DB58
                                            APIs
                                            • GetParent.USER32 ref: 004720AB
                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 004720C0
                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0047214D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ClassMessageNameParentSend
                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                            • API String ID: 1290815626-3381328864
                                            • Opcode ID: 480a8efdf70b991f5fc79afe6b89803628bf79b93d37c7c71f2b55f650fe3af9
                                            • Instruction ID: 611cbf69ee29b9cdf684a2aa189dc85727efe1fc5bc048144b682bf17ae3cdaf
                                            • Opcode Fuzzy Hash: 480a8efdf70b991f5fc79afe6b89803628bf79b93d37c7c71f2b55f650fe3af9
                                            • Instruction Fuzzy Hash: 2B110676688707B9FA017621DD16DE7379CEB09328F60902BFB08B51D2EEAD7802565C
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                            • String ID:
                                            • API String ID: 1282221369-0
                                            • Opcode ID: 0f6d594d9b792e19d64dba72ca68b34b4ada623c32d40a52b9590f8e37912daa
                                            • Instruction ID: 750c0a0e7a1f753b1cb60f520546c754aa0ddf1d1d4dabc90750fc9e587da608
                                            • Opcode Fuzzy Hash: 0f6d594d9b792e19d64dba72ca68b34b4ada623c32d40a52b9590f8e37912daa
                                            • Instruction Fuzzy Hash: 4D6138B1A05200ABFB21AFB59CC1A6A7B95EF05314F08416FF9409B3C2DB7D9D45876C
                                            APIs
                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00466890
                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 004668A9
                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 004668B9
                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 004668D1
                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 004668F2
                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00428874,00000000,00000000,00000000,000000FF,00000000), ref: 00466901
                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0046691E
                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00428874,00000000,00000000,00000000,000000FF,00000000), ref: 0046692D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                            • String ID:
                                            • API String ID: 1268354404-0
                                            • Opcode ID: fa81703eb3a7b5ad67dffe79f50e50ce3408a4c78cab3e762331d8884ff2e4a0
                                            • Instruction ID: bd1738f8097e962daaaf6b2cb2eb0be89b6a46b8e53ad3f6cd96e8920b93ee01
                                            • Opcode Fuzzy Hash: fa81703eb3a7b5ad67dffe79f50e50ce3408a4c78cab3e762331d8884ff2e4a0
                                            • Instruction Fuzzy Hash: 9F518BB0601209EFDB20CF25DC95FAA7BB5FB48750F10452EF902972A0EB78E951DB58
                                            APIs
                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0048C182
                                            • GetLastError.KERNEL32 ref: 0048C195
                                            • SetEvent.KERNEL32(?), ref: 0048C1A9
                                              • Part of subcall function 0048C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0048C272
                                              • Part of subcall function 0048C253: GetLastError.KERNEL32 ref: 0048C322
                                              • Part of subcall function 0048C253: SetEvent.KERNEL32(?), ref: 0048C336
                                              • Part of subcall function 0048C253: InternetCloseHandle.WININET(00000000), ref: 0048C341
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                            • String ID:
                                            • API String ID: 337547030-0
                                            • Opcode ID: b216da24480443753077756372bf9f2dc18e2b4ffd6eb7504d4b1429d7cdc380
                                            • Instruction ID: b03f585cd010f89a7b7b3a1440e4f4ff447f781d7afdfc5ace4c113a7b38417c
                                            • Opcode Fuzzy Hash: b216da24480443753077756372bf9f2dc18e2b4ffd6eb7504d4b1429d7cdc380
                                            • Instruction Fuzzy Hash: 40317071900601AFDB21AFA5DC84A6BBBE9FF15300B04496EF95682650DB39E8149FB8
                                            APIs
                                              • Part of subcall function 00473A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00473A57
                                              • Part of subcall function 00473A3D: GetCurrentThreadId.KERNEL32 ref: 00473A5E
                                              • Part of subcall function 00473A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004725B3), ref: 00473A65
                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 004725BD
                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 004725DB
                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 004725DF
                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 004725E9
                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00472601
                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00472605
                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0047260F
                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00472623
                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00472627
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                            • String ID:
                                            • API String ID: 2014098862-0
                                            • Opcode ID: cc795c06aee6b687c30220c1268515723e3d365f9cec9b3b9c9fbbb93e9b046d
                                            • Instruction ID: 84133b2d2f81a885ff98e46ed22a8c0740ef85e32ad420e8fde034ecc074791b
                                            • Opcode Fuzzy Hash: cc795c06aee6b687c30220c1268515723e3d365f9cec9b3b9c9fbbb93e9b046d
                                            • Instruction Fuzzy Hash: 7C01D471390210BBFB106B699CCAF993F59DB4EB12F104016F318AE0D1C9E224459E6E
                                            APIs
                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00471449,?,?,00000000), ref: 0047180C
                                            • HeapAlloc.KERNEL32(00000000,?,00471449,?,?,00000000), ref: 00471813
                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00471449,?,?,00000000), ref: 00471828
                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00471449,?,?,00000000), ref: 00471830
                                            • DuplicateHandle.KERNEL32(00000000,?,00471449,?,?,00000000), ref: 00471833
                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00471449,?,?,00000000), ref: 00471843
                                            • GetCurrentProcess.KERNEL32(00471449,00000000,?,00471449,?,?,00000000), ref: 0047184B
                                            • DuplicateHandle.KERNEL32(00000000,?,00471449,?,?,00000000), ref: 0047184E
                                            • CreateThread.KERNEL32(00000000,00000000,00471874,00000000,00000000,00000000), ref: 00471868
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                            • String ID:
                                            • API String ID: 1957940570-0
                                            • Opcode ID: 99b6ec243ee29bfd6e9bdd53b6a3671cc3cdae3326ceb848c7fb3a9835a12599
                                            • Instruction ID: bfcffbb60fd692dca6b937531f55aaf4c7be63ec40b69a2cd0da393570e40acd
                                            • Opcode Fuzzy Hash: 99b6ec243ee29bfd6e9bdd53b6a3671cc3cdae3326ceb848c7fb3a9835a12599
                                            • Instruction Fuzzy Hash: 4101ACB5340304BFE650ABA5DC89F573BACEB8AB11F014421FA05DB1A1DA749C008F24
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: __alldvrm$_strrchr
                                            • String ID: }}C$}}C$}}C
                                            • API String ID: 1036877536-3838356168
                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                            • Instruction ID: 55d6bb21141281f8b76a98580d82eca2ee82b19744e9c2b012eb12fb0f4261ca
                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                            • Instruction Fuzzy Hash: 98A14671E006869FFB25CE18C8817AABBE4EFA1354F14416FE5859B382C63C9946C758
                                            APIs
                                              • Part of subcall function 0047D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0047D501
                                              • Part of subcall function 0047D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0047D50F
                                              • Part of subcall function 0047D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0047D5DC
                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0049A16D
                                            • GetLastError.KERNEL32 ref: 0049A180
                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0049A1B3
                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0049A268
                                            • GetLastError.KERNEL32(00000000), ref: 0049A273
                                            • CloseHandle.KERNEL32(00000000), ref: 0049A2C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                            • String ID: SeDebugPrivilege
                                            • API String ID: 1701285019-2896544425
                                            • Opcode ID: 562f8f691dd63b23c87d6ea90d1282525bd97f5838dee050914e66114e600629
                                            • Instruction ID: 36f2df698d255feddc6e8a26eca3dc0c4ee3e7c4f17fa9341202c8a72a231482
                                            • Opcode Fuzzy Hash: 562f8f691dd63b23c87d6ea90d1282525bd97f5838dee050914e66114e600629
                                            • Instruction Fuzzy Hash: B9616030204241AFDB10DF15C495F56BBE1AF44318F1484AEE46A4B7A3C77AED45CBDA
                                            APIs
                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004A3925
                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004A393A
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004A3954
                                            • _wcslen.LIBCMT ref: 004A3999
                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 004A39C6
                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 004A39F4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window_wcslen
                                            • String ID: SysListView32
                                            APIs
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0047BCFD
                                            • IsMenu.USER32(00000000), ref: 0047BD1D
                                            • CreatePopupMenu.USER32 ref: 0047BD53
                                            • GetMenuItemCount.USER32(00D755E0), ref: 0047BDA4
                                            • InsertMenuItemW.USER32(00D755E0,?,00000001,00000030), ref: 0047BDCC
                                            Strings
                                            Similarity
                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                            • String ID: 0$2
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 00432D4B
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00432D53
                                            • _ValidateLocalCookies.LIBCMT ref: 00432DE1
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00432E0C
                                            • _ValidateLocalCookies.LIBCMT ref: 00432E61
                                            Strings
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: &HC$csm
                                            APIs
                                            • LoadIconW.USER32(00000000,00007F03), ref: 0047C913
                                            Strings
                                            Similarity
                                            • API ID: IconLoad
                                            • String ID: blank$info$question$stop$warning
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                            • String ID: 0.0.0.0
                                            APIs
                                            Similarity
                                            • API ID: _wcslen$LocalTime
                                            • String ID:
                                            APIs
                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0046682C,00000004,00000000,00000000), ref: 0042F953
                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0046682C,00000004,00000000,00000000), ref: 0046F3D1
                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0046682C,00000004,00000000,00000000), ref: 0046F454
                                            Similarity
                                            • API ID: ShowWindow
                                            • String ID:
                                            APIs
                                            • DeleteObject.GDI32(00000000), ref: 004A2D1B
                                            • GetDC.USER32(00000000), ref: 004A2D23
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004A2D2E
                                            • ReleaseDC.USER32(00000000,00000000), ref: 004A2D3A
                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 004A2D76
                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004A2D87
                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,004A5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 004A2DC2
                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 004A2DE1
                                            Similarity
                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                            • String ID:
                                            APIs
                                            Similarity
                                            • API ID: _memcmp
                                            • String ID:
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: NULL Pointer assignment$Not an Object type
                                            APIs
                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,004517FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 004515CE
                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00451651
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,004517FB,?,004517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004516E4
                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004516FB
                                              • Part of subcall function 00443820: RtlAllocateHeap.NTDLL(00000000,?,004E1444,?,0042FDF5,?,?,0041A976,00000010,004E1440,004113FC,?,004113C6,?,00411129), ref: 00443852
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,004517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00451777
                                            • __freea.LIBCMT ref: 004517A2
                                            • __freea.LIBCMT ref: 004517AE
                                            Similarity
                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                            • String ID:
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: Variant$ClearInit
                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                            APIs
                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0048125C
                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00481284
                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 004812A8
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004812D8
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0048135F
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004813C4
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00481430
                                            Similarity
                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                            • String ID:
                                            Similarity
                                            • API ID: ObjectSelect$BeginCreatePath
                                            • String ID:
                                            • API String ID: 3225163088-0
                                            • Opcode ID: 56b786534807ed635d9a112595599399987c437eff24ff106a30e51f28f5438f
                                            • Instruction ID: 05ca2aec769e6b47f8c426d4addd1e26013a7838f5e39a7bcea2991a43360470
                                            • Opcode Fuzzy Hash: 56b786534807ed635d9a112595599399987c437eff24ff106a30e51f28f5438f
                                            • Instruction Fuzzy Hash: A1913971A04219EFCB10CFA9D884AEEBBB8FF49324F54405AE515B7251D3789D82CB64
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 0049396B
                                            • CharUpperBuffW.USER32(?,?), ref: 00493A7A
                                            • _wcslen.LIBCMT ref: 00493A8A
                                            • VariantClear.OLEAUT32(?), ref: 00493C1F
                                              • Part of subcall function 00480CDF: VariantInit.OLEAUT32(00000000), ref: 00480D1F
                                              • Part of subcall function 00480CDF: VariantCopy.OLEAUT32(?,?), ref: 00480D28
                                              • Part of subcall function 00480CDF: VariantClear.OLEAUT32(?), ref: 00480D34
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                            • API String ID: 4137639002-1221869570
                                            • Opcode ID: 18a323709df1a08a91d14f6770db883bf4267b3a705f769677533a0f88554c87
                                            • Instruction ID: 7abff49528f9ca478c0ed716ea95a9677b8116d4d684bb9f2884dc78bc125727
                                            • Opcode Fuzzy Hash: 18a323709df1a08a91d14f6770db883bf4267b3a705f769677533a0f88554c87
                                            • Instruction Fuzzy Hash: C6918F756083019FCB00DF25C49096ABBE5FF89319F14886EF88997351DB38EE45CB9A
                                            APIs
                                              • Part of subcall function 0047000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?,?,0047035E), ref: 0047002B
                                              • Part of subcall function 0047000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?), ref: 00470046
                                              • Part of subcall function 0047000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?), ref: 00470054
                                              • Part of subcall function 0047000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?), ref: 00470064
                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00494C51
                                            • _wcslen.LIBCMT ref: 00494D59
                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00494DCF
                                            • CoTaskMemFree.OLE32(?), ref: 00494DDA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                            • String ID: NULL Pointer assignment
                                            • API String ID: 614568839-2785691316
                                            • Opcode ID: 034c0e50423b88157db3d55f6448d277a0f12507a72737709af303e6f75eee3d
                                            • Instruction ID: fb1e49d811127fe42ed8b59ade19fa264a589f5667d7a5bcdfb86709c6736fd3
                                            • Opcode Fuzzy Hash: 034c0e50423b88157db3d55f6448d277a0f12507a72737709af303e6f75eee3d
                                            • Instruction Fuzzy Hash: F6912871D0021DAFDF14DFA5C890EEEBBB8BF48314F10856AE919A7241DB389A45CF64
                                            APIs
                                            • GetMenu.USER32(?), ref: 004A2183
                                            • GetMenuItemCount.USER32(00000000), ref: 004A21B5
                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004A21DD
                                            • _wcslen.LIBCMT ref: 004A2213
                                            • GetMenuItemID.USER32(?,?), ref: 004A224D
                                            • GetSubMenu.USER32(?,?), ref: 004A225B
                                              • Part of subcall function 00473A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00473A57
                                              • Part of subcall function 00473A3D: GetCurrentThreadId.KERNEL32 ref: 00473A5E
                                              • Part of subcall function 00473A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004725B3), ref: 00473A65
                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 004A22E3
                                              • Part of subcall function 0047E97B: Sleep.KERNEL32 ref: 0047E9F3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                            • String ID:
                                            • API String ID: 4196846111-0
                                            • Opcode ID: 08d6742e072839b6fc84c95c6f1785cd9a9d46a944a009cad71f84b2a1ab5ee9
                                            • Instruction ID: 3ef26ecbc2bf3be259ad124bdf7b76e12a09e14050462215450b4c8d5e6bd8a2
                                            • Opcode Fuzzy Hash: 08d6742e072839b6fc84c95c6f1785cd9a9d46a944a009cad71f84b2a1ab5ee9
                                            • Instruction Fuzzy Hash: A271E476E00205AFCB00DF69C981AAEB7F1EF59314F1084AAE816EB341D778ED419B94
                                            APIs
                                            • IsWindow.USER32(00D757C0), ref: 004A7F37
                                            • IsWindowEnabled.USER32(00D757C0), ref: 004A7F43
                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 004A801E
                                            • SendMessageW.USER32(00D757C0,000000B0,?,?), ref: 004A8051
                                            • IsDlgButtonChecked.USER32(?,?), ref: 004A8089
                                            • GetWindowLongW.USER32(00D757C0,000000EC), ref: 004A80AB
                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 004A80C3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                            • String ID:
                                            • API String ID: 4072528602-0
                                            • Opcode ID: ac810aa56579d711bffd5727c59aecd5d78ea40529efed37e7bb4a2455f98a37
                                            • Instruction ID: 9be6b24c02e54c8a316599344a4f6b112b7ea9401317f06a464e82e076ad4b32
                                            • Opcode Fuzzy Hash: ac810aa56579d711bffd5727c59aecd5d78ea40529efed37e7bb4a2455f98a37
                                            • Instruction Fuzzy Hash: 3A718C74608204AFEB319F54CC94FAB7BB5EF2B300F14405AF945973A1CB39A955DB18
                                            APIs
                                            • GetParent.USER32(?), ref: 0047AEF9
                                            • GetKeyboardState.USER32(?), ref: 0047AF0E
                                            • SetKeyboardState.USER32(?), ref: 0047AF6F
                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0047AF9D
                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0047AFBC
                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0047AFFD
                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0047B020
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessagePost$KeyboardState$Parent
                                            • String ID:
                                            • API String ID: 87235514-0
                                            • Opcode ID: 40ee27a15ad657b69e9c20263c7dba566f63bcabc90887c08775352c3cadb2c5
                                            • Instruction ID: d7e5f11b83c820724254a0923878970e609ff0f53a82abb492559a88144b401a
                                            • Opcode Fuzzy Hash: 40ee27a15ad657b69e9c20263c7dba566f63bcabc90887c08775352c3cadb2c5
                                            • Instruction Fuzzy Hash: A251C1A06087D53DFB3682348849BFB7EA99B46304F08C58AE1DD955C2C39CA894D79A
                                            APIs
                                            • GetParent.USER32(00000000), ref: 0047AD19
                                            • GetKeyboardState.USER32(?), ref: 0047AD2E
                                            • SetKeyboardState.USER32(?), ref: 0047AD8F
                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0047ADBB
                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0047ADD8
                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0047AE17
                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0047AE38
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessagePost$KeyboardState$Parent
                                            • String ID:
                                            • API String ID: 87235514-0
                                            • Opcode ID: 6c3b504252f4563d54bb1c869af65293ee7305c5de8bb617e74c4d8021c1d268
                                            • Instruction ID: 0bbb919b1a8013fc562e5559fa36ea9a63a4bb6e9823816ce019a46bd98018ea
                                            • Opcode Fuzzy Hash: 6c3b504252f4563d54bb1c869af65293ee7305c5de8bb617e74c4d8021c1d268
                                            • Instruction Fuzzy Hash: A951E6A15447D13DFB3283248C45BFF7E995B86300F08C88AE0DD469C2C298ECA8D75A
                                            APIs
                                            • GetConsoleCP.KERNEL32(00453CD6,?,?,?,?,?,?,?,?,00445BA3,?,?,00453CD6,?,?), ref: 00445470
                                            • __fassign.LIBCMT ref: 004454EB
                                            • __fassign.LIBCMT ref: 00445506
                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00453CD6,00000005,00000000,00000000), ref: 0044552C
                                            • WriteFile.KERNEL32(?,00453CD6,00000000,00445BA3,00000000,?,?,?,?,?,?,?,?,?,00445BA3,?), ref: 0044554B
                                            • WriteFile.KERNEL32(?,?,00000001,00445BA3,00000000,?,?,?,?,?,?,?,?,?,00445BA3,?), ref: 00445584
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                            • String ID:
                                            • API String ID: 1324828854-0
                                            • Opcode ID: 7be974b27e3db8dce4288a28fe535950d8195cfebf89370f4fd5ac15572036ee
                                            • Instruction ID: 3a8be8e9041603259f37193ebde6c42580a139486c5335926ac659f1848a661e
                                            • Opcode Fuzzy Hash: 7be974b27e3db8dce4288a28fe535950d8195cfebf89370f4fd5ac15572036ee
                                            • Instruction Fuzzy Hash: 3751E770A00649AFEF11CFA8D885AEEBBF5EF09300F14412BF555E7292D7749A41CB68
                                            APIs
                                              • Part of subcall function 0049304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0049307A
                                              • Part of subcall function 0049304E: _wcslen.LIBCMT ref: 0049309B
                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00491112
                                            • WSAGetLastError.WSOCK32 ref: 00491121
                                            • WSAGetLastError.WSOCK32 ref: 004911C9
                                            • closesocket.WSOCK32(00000000), ref: 004911F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                            • String ID:
                                            • API String ID: 2675159561-0
                                            • Opcode ID: b7f5be6981453c93e9ec974bea7938a17b159b6a8a173b8e965b638d6c3ddd39
                                            • Instruction ID: 9765d20cc8d782846dd36171b63127cfe19ab6084df616b64c42d05d81aaa42c
                                            • Opcode Fuzzy Hash: b7f5be6981453c93e9ec974bea7938a17b159b6a8a173b8e965b638d6c3ddd39
                                            • Instruction Fuzzy Hash: 2341F731600105AFDB109F14C885BAABFE9FF45358F14806AF9159B3A1C778ED81CBE9
                                            APIs
                                              • Part of subcall function 0047DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0047CF22,?), ref: 0047DDFD
                                              • Part of subcall function 0047DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0047CF22,?), ref: 0047DE16
                                            • lstrcmpiW.KERNEL32(?,?), ref: 0047CF45
                                            • MoveFileW.KERNEL32(?,?), ref: 0047CF7F
                                            • _wcslen.LIBCMT ref: 0047D005
                                            • _wcslen.LIBCMT ref: 0047D01B
                                            • SHFileOperationW.SHELL32(?), ref: 0047D061
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                            • String ID: \*.*
                                            • API String ID: 3164238972-1173974218
                                            • Opcode ID: 62f6b3a1e6a5787324d0ee43f90a1785a2ab35238f2a3adaca4e7c80b1e0c04d
                                            • Instruction ID: 0a0c3ffc89610867f98d1ace412faacb9624685888a867e35375af47558ba2bc
                                            • Opcode Fuzzy Hash: 62f6b3a1e6a5787324d0ee43f90a1785a2ab35238f2a3adaca4e7c80b1e0c04d
                                            • Instruction Fuzzy Hash: 8F415771D451185EDF12EFA5C9C1BDE77B8AF09384F1040EBE509EB141EA38A644CB58
                                            APIs
                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004A2E1C
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A2E4F
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A2E84
                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 004A2EB6
                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 004A2EE0
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A2EF1
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004A2F0B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: LongWindow$MessageSend
                                            • String ID:
                                            • API String ID: 2178440468-0
                                            • Opcode ID: afcbe08b7f12ab77c33aea948100070413457703b78f4eda8510633d1e4fc66f
                                            • Instruction ID: 09217e66e949798d80aafdba6fd8cf359fa017d9f37003bb1065f243eb873d51
                                            • Opcode Fuzzy Hash: afcbe08b7f12ab77c33aea948100070413457703b78f4eda8510633d1e4fc66f
                                            • Instruction Fuzzy Hash: 9131F430645150AFDB21CF5CDDC4F6637E1EB6A710F150166F9048F2B2CBB5A880EB49
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00477769
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0047778F
                                            • SysAllocString.OLEAUT32(00000000), ref: 00477792
                                            • SysAllocString.OLEAUT32(?), ref: 004777B0
                                            • SysFreeString.OLEAUT32(?), ref: 004777B9
                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 004777DE
                                            • SysAllocString.OLEAUT32(?), ref: 004777EC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                            • String ID:
                                            • API String ID: 3761583154-0
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00477842
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00477868
                                            • SysAllocString.OLEAUT32(00000000), ref: 0047786B
                                            • SysAllocString.OLEAUT32 ref: 0047788C
                                            • SysFreeString.OLEAUT32 ref: 00477895
                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 004778AF
                                            • SysAllocString.OLEAUT32(?), ref: 004778BD
                                            Similarity
                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                            • String ID:
                                            • API String ID: 3761583154-0
                                            APIs
                                            • GetStdHandle.KERNEL32(0000000C), ref: 004804F2
                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0048052E
                                            Strings
                                            Similarity
                                            • API ID: CreateHandlePipe
                                            • String ID: nul
                                            • API String ID: 1424370930-2873401336
                                            APIs
                                            • GetStdHandle.KERNEL32(000000F6), ref: 004805C6
                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00480601
                                            Strings
                                            Similarity
                                            • API ID: CreateHandlePipe
                                            • String ID: nul
                                            • API String ID: 1424370930-2873401336
                                            APIs
                                              • Part of subcall function 0041600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0041604C
                                              • Part of subcall function 0041600E: GetStockObject.GDI32(00000011), ref: 00416060
                                              • Part of subcall function 0041600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0041606A
                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 004A4112
                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 004A411F
                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004A412A
                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 004A4139
                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 004A4145
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$CreateObjectStockWindow
                                            • String ID: Msctls_Progress32
                                            • API String ID: 1025951953-3636473452
                                            APIs
                                              • Part of subcall function 0044D7A3: _free.LIBCMT ref: 0044D7CC
                                            • _free.LIBCMT ref: 0044D82D
                                              • Part of subcall function 004429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000), ref: 004429DE
                                              • Part of subcall function 004429C8: GetLastError.KERNEL32(00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000,00000000), ref: 004429F0
                                            • _free.LIBCMT ref: 0044D838
                                            • _free.LIBCMT ref: 0044D843
                                            • _free.LIBCMT ref: 0044D897
                                            • _free.LIBCMT ref: 0044D8A2
                                            • _free.LIBCMT ref: 0044D8AD
                                            • _free.LIBCMT ref: 0044D8B8
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0047DA74
                                            • LoadStringW.USER32(00000000), ref: 0047DA7B
                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0047DA91
                                            • LoadStringW.USER32(00000000), ref: 0047DA98
                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0047DADC
                                            Strings
                                            • %s (%d) : ==> %s: %s %s, xrefs: 0047DAB9
                                            Similarity
                                            • API ID: HandleLoadModuleString$Message
                                            • String ID: %s (%d) : ==> %s: %s %s
                                            • API String ID: 4072794657-3128320259
                                            APIs
                                            • InterlockedExchange.KERNEL32(00D6E010,00D6E010), ref: 0048097B
                                            • EnterCriticalSection.KERNEL32(00D6DFF0,00000000), ref: 0048098D
                                            • TerminateThread.KERNEL32(?,000001F6), ref: 0048099B
                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 004809A9
                                            • CloseHandle.KERNEL32(?), ref: 004809B8
                                            • InterlockedExchange.KERNEL32(00D6E010,000001F6), ref: 004809C8
                                            • LeaveCriticalSection.KERNEL32(00D6DFF0), ref: 004809CF
                                            Similarity
                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                            • String ID:
                                            • API String ID: 3495660284-0
                                            APIs
                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00491DC0
                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00491DE1
                                            • WSAGetLastError.WSOCK32 ref: 00491DF2
                                            • htons.WSOCK32(?,?,?,?,?), ref: 00491EDB
                                            • inet_ntoa.WSOCK32(?), ref: 00491E8C
                                              • Part of subcall function 004739E8: _strlen.LIBCMT ref: 004739F2
                                              • Part of subcall function 00493224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0048EC0C), ref: 00493240
                                            • _strlen.LIBCMT ref: 00491F35
                                            Similarity
                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                            • String ID:
                                            • API String ID: 3203458085-0
                                            APIs
                                            • GetClientRect.USER32(?,?), ref: 00415D30
                                            • GetWindowRect.USER32(?,?), ref: 00415D71
                                            • ScreenToClient.USER32(?,?), ref: 00415D99
                                            • GetClientRect.USER32(?,?), ref: 00415ED7
                                            • GetWindowRect.USER32(?,?), ref: 00415EF8
                                            Similarity
                                            • API ID: Rect$Client$Window$Screen
                                            • String ID:
                                            • API String ID: 1296646539-0
                                            APIs
                                            • __allrem.LIBCMT ref: 004400BA
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004400D6
                                            • __allrem.LIBCMT ref: 004400ED
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0044010B
                                            • __allrem.LIBCMT ref: 00440122
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00440140
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                            • String ID:
                                            • API String ID: 1992179935-0
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,004382D9,004382D9,?,?,?,0044644F,00000001,00000001,8BE85006), ref: 00446258
                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0044644F,00000001,00000001,8BE85006,?,?,?), ref: 004462DE
                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004463D8
                                            • __freea.LIBCMT ref: 004463E5
                                              • Part of subcall function 00443820: RtlAllocateHeap.NTDLL(00000000,?,004E1444,?,0042FDF5,?,?,0041A976,00000010,004E1440,004113FC,?,004113C6,?,00411129), ref: 00443852
                                            • __freea.LIBCMT ref: 004463EE
                                            • __freea.LIBCMT ref: 00446413
                                            Similarity
                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                            • String ID:
                                            • API String ID: 1414292761-0
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 0049C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0049B6AE,?,?), ref: 0049C9B5
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049C9F1
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA68
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0049BCCA
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0049BD25
                                            • RegCloseKey.ADVAPI32(00000000), ref: 0049BD6A
                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0049BD99
                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0049BDF3
                                            • RegCloseKey.ADVAPI32(?), ref: 0049BDFF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                            • String ID:
                                            • API String ID: 1120388591-0
                                            • Opcode ID: 8be1182b7bbd8fc0105bfc20d218b5b4ee507f2cf9ed675315232a7a0c470f57
                                            • Instruction ID: be57c2d582a13b8435e86927679a46912f523a4374cf047bf12102d224957fb4
                                            • Opcode Fuzzy Hash: 8be1182b7bbd8fc0105bfc20d218b5b4ee507f2cf9ed675315232a7a0c470f57
                                            • Instruction Fuzzy Hash: 8381DD30208200AFCB14DF20D884E6ABBE5FF84308F14896EF4594B2A2DB35ED45CB96
                                            APIs
                                            • VariantInit.OLEAUT32(00000035), ref: 0046F7B9
                                            • SysAllocString.OLEAUT32(00000001), ref: 0046F860
                                            • VariantCopy.OLEAUT32(0046FA64,00000000), ref: 0046F889
                                            • VariantClear.OLEAUT32(0046FA64), ref: 0046F8AD
                                            • VariantCopy.OLEAUT32(0046FA64,00000000), ref: 0046F8B1
                                            • VariantClear.OLEAUT32(?), ref: 0046F8BB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Variant$ClearCopy$AllocInitString
                                            • String ID:
                                            • API String ID: 3859894641-0
                                            • Opcode ID: 4808cb304ed7bdbbece158bd611d0ed39eeae6a7c303c3986544d899015ef101
                                            • Instruction ID: 39739ae8b2f115f53030ea3b63a812cd6793bdd48726e099c0b1ea6ef1983e18
                                            • Opcode Fuzzy Hash: 4808cb304ed7bdbbece158bd611d0ed39eeae6a7c303c3986544d899015ef101
                                            • Instruction Fuzzy Hash: EC51E971610310BACF10AB66E895B29B3A4EF45314F20447BE946DF291FB789C49C79F
                                            APIs
                                              • Part of subcall function 00417620: _wcslen.LIBCMT ref: 00417625
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 004894E5
                                            • _wcslen.LIBCMT ref: 00489506
                                            • _wcslen.LIBCMT ref: 0048952D
                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00489585
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$FileName$OpenSave
                                            • String ID: X
                                            • API String ID: 83654149-3081909835
                                            • Opcode ID: 8e6ea14b1a1260e5c8ed106d069bf79ed2359283ebd8409566e394ab0065df29
                                            • Instruction ID: f7a77bbc4ea995dcc8ce3c6660a8f1fb99c9f336fc6429c5337dcca31ac4c31c
                                            • Opcode Fuzzy Hash: 8e6ea14b1a1260e5c8ed106d069bf79ed2359283ebd8409566e394ab0065df29
                                            • Instruction Fuzzy Hash: 29E1B6315047009FD714EF25C881AAEB7E1BF85318F08896EF8999B391DB34DD45CB99
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • BeginPaint.USER32(?,?,?), ref: 00429241
                                            • GetWindowRect.USER32(?,?), ref: 004292A5
                                            • ScreenToClient.USER32(?,?), ref: 004292C2
                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004292D3
                                            • EndPaint.USER32(?,?,?,?,?), ref: 00429321
                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004671EA
                                              • Part of subcall function 00429339: BeginPath.GDI32(00000000), ref: 00429357
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                            • String ID:
                                            • API String ID: 3050599898-0
                                            • Opcode ID: 72cad3d36e04ed09d64d74d7880cf55430a2b78e874b7f329a77fe2d10a71600
                                            • Instruction ID: 6034aaa4e55575bdf0aa3a0fa7d2e1413272dd3e658d1a97844b9e5c3fc0697a
                                            • Opcode Fuzzy Hash: 72cad3d36e04ed09d64d74d7880cf55430a2b78e874b7f329a77fe2d10a71600
                                            • Instruction Fuzzy Hash: 8141A170204210AFD710DF25DCC4FBA7BA8EF4A724F04066AF9548B2B2D7389C45DB6A
                                            APIs
                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0048080C
                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00480847
                                            • EnterCriticalSection.KERNEL32(?), ref: 00480863
                                            • LeaveCriticalSection.KERNEL32(?), ref: 004808DC
                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 004808F3
                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00480921
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                            • String ID:
                                            • API String ID: 3368777196-0
                                            • Opcode ID: 12b07155a323574a1548aef652b72a14250e1c47949668c78dbac90bce5a79a6
                                            • Instruction ID: 23546aaab79aade105d2a92eb994ff35ddc13e6bf4c3c2ecd305efc941eeff80
                                            • Opcode Fuzzy Hash: 12b07155a323574a1548aef652b72a14250e1c47949668c78dbac90bce5a79a6
                                            • Instruction Fuzzy Hash: A0418B71A00205EBDF15AF54DC85AAA7778FF04304F5044BAED00AA297DB34DE68DBA8
                                            APIs
                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0046F3AB,00000000,?,?,00000000,?,0046682C,00000004,00000000,00000000), ref: 004A824C
                                            • EnableWindow.USER32(?,00000000), ref: 004A8272
                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 004A82D1
                                            • ShowWindow.USER32(?,00000004), ref: 004A82E5
                                            • EnableWindow.USER32(?,00000001), ref: 004A830B
                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004A832F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$Show$Enable$MessageSend
                                            • String ID:
                                            • API String ID: 642888154-0
                                            • Opcode ID: b5dc2a36551623c901a162104724f3f712abc3599ad27a2d8ce1f4f42292cd60
                                            • Instruction ID: 4885e7855455d33656b92683b48d2dc7f613daad38af60fa9af44eff188f5a09
                                            • Opcode Fuzzy Hash: b5dc2a36551623c901a162104724f3f712abc3599ad27a2d8ce1f4f42292cd60
                                            • Instruction Fuzzy Hash: 5D418C75601644AFDF21CF15D8D9BA57BE0FB1B714F1801AAEA484F2B3CB36A841CB48
                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 00474C95
                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00474CB2
                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00474CEA
                                            • _wcslen.LIBCMT ref: 00474D08
                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00474D10
                                            • _wcsstr.LIBVCRUNTIME ref: 00474D1A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                            • String ID:
                                            • API String ID: 72514467-0
                                            • Opcode ID: 34f3ae10632cf3f90c47e9250b7337e2b53d38de7289203f19255bdaabbeb96d
                                            • Instruction ID: 41177ba51f8c10e7beae0a095ce292d86f1b12f90b2af649872799cd8941021b
                                            • Opcode Fuzzy Hash: 34f3ae10632cf3f90c47e9250b7337e2b53d38de7289203f19255bdaabbeb96d
                                            • Instruction Fuzzy Hash: CC21FF712041107BE7259B35AD45EBB7F9CDF85750F11807FF809CA151DF69DC0196A4
                                            APIs
                                              • Part of subcall function 00413AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00413A97,?,?,00412E7F,?,?,?,00000000), ref: 00413AC2
                                            • _wcslen.LIBCMT ref: 0048587B
                                            • CoInitialize.OLE32(00000000), ref: 00485995
                                            • CoCreateInstance.OLE32(004AFCF8,00000000,00000001,004AFB68,?), ref: 004859AE
                                            • CoUninitialize.OLE32 ref: 004859CC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                            • String ID: .lnk
                                            • API String ID: 3172280962-24824748
                                            • Opcode ID: 02f5273dad3f3599585c3c68b88e11e0e4d097715929a94f3ea41ee0264f97f7
                                            • Instruction ID: 1f241cee7ad67021fafe78226c8e2e1a15611d7450086d2c0c520245b3ce15a1
                                            • Opcode Fuzzy Hash: 02f5273dad3f3599585c3c68b88e11e0e4d097715929a94f3ea41ee0264f97f7
                                            • Instruction Fuzzy Hash: CFD144716046019FC714EF25C480A6EBBE2FF89718F14885EF8899B361D739EC45CB9A
                                            APIs
                                              • Part of subcall function 00470FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00470FCA
                                              • Part of subcall function 00470FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00470FD6
                                              • Part of subcall function 00470FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00470FE5
                                              • Part of subcall function 00470FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00470FEC
                                              • Part of subcall function 00470FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00471002
                                            • GetLengthSid.ADVAPI32(?,00000000,00471335), ref: 004717AE
                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 004717BA
                                            • HeapAlloc.KERNEL32(00000000), ref: 004717C1
                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 004717DA
                                            • GetProcessHeap.KERNEL32(00000000,00000000,00471335), ref: 004717EE
                                            • HeapFree.KERNEL32(00000000), ref: 004717F5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                            • String ID:
                                            • API String ID: 3008561057-0
                                            • Opcode ID: 713752c9510535fc862bbcb1e67439a462adb0fa9335662028b91e6e4304af82
                                            • Instruction ID: 39f37885331c193b6c0bd358c72011c24584806004971767b5060491a8fac03d
                                            • Opcode Fuzzy Hash: 713752c9510535fc862bbcb1e67439a462adb0fa9335662028b91e6e4304af82
                                            • Instruction Fuzzy Hash: 8D118E71601205FFDB189FA8CC89BEFBBA9EB46355F10802AF44597220D739A944CF68
                                            APIs
                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004714FF
                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00471506
                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00471515
                                            • CloseHandle.KERNEL32(00000004), ref: 00471520
                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0047154F
                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00471563
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                            • String ID:
                                            • API String ID: 1413079979-0
                                            • Opcode ID: 0d09d6919cd0f005675ec209c84f50e23e76bc35b7ae51b336fd4fb1b33fd804
                                            • Instruction ID: 2f1594f55a7c8cb2294521a8c34156db9a8aa7a81e0dec2a4c56a20469988dd3
                                            • Opcode Fuzzy Hash: 0d09d6919cd0f005675ec209c84f50e23e76bc35b7ae51b336fd4fb1b33fd804
                                            • Instruction Fuzzy Hash: 9011267650020ABBDF118FA8DE89BDF7BA9EF49744F048025FA09A2160C3758E65DB64
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00433379,00432FE5), ref: 00433390
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0043339E
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004333B7
                                            • SetLastError.KERNEL32(00000000,?,00433379,00432FE5), ref: 00433409
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: 469ef4a56577646f07dc347ed40af544db939259e64b68e6f90b7660ca2eb47b
                                            • Instruction ID: ee87cfb10787d4b11fea635c66c6473afc9bf668c8963e6ba6ff383981fa8817
                                            • Opcode Fuzzy Hash: 469ef4a56577646f07dc347ed40af544db939259e64b68e6f90b7660ca2eb47b
                                            • Instruction Fuzzy Hash: 7A01F53220A312BEAA252FB66CC66576B54DB1D77BF20923FF810812F1EF194D01914C
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00445686,00453CD6,?,00000000,?,00445B6A,?,?,?,?,?,0043E6D1,?,004D8A48), ref: 00442D78
                                            • _free.LIBCMT ref: 00442DAB
                                            • _free.LIBCMT ref: 00442DD3
                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0043E6D1,?,004D8A48,00000010,00414F4A,?,?,00000000,00453CD6), ref: 00442DE0
                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0043E6D1,?,004D8A48,00000010,00414F4A,?,?,00000000,00453CD6), ref: 00442DEC
                                            • _abort.LIBCMT ref: 00442DF2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast$_free$_abort
                                            • String ID:
                                            • API String ID: 3160817290-0
                                            • Opcode ID: 87b26909f72037bad5c5d086486b1020b940d93f18a23cd448839f0232acdda1
                                            • Instruction ID: da92441ee169492da4535394740f22c8a52c034306245e407036841f70511c34
                                            • Opcode Fuzzy Hash: 87b26909f72037bad5c5d086486b1020b940d93f18a23cd448839f0232acdda1
                                            • Instruction Fuzzy Hash: AEF02DB194590137F65237367E46F5F2A55AFC2765F64002FF824922D2DEFC8801426C
                                            APIs
                                              • Part of subcall function 00429639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00429693
                                              • Part of subcall function 00429639: SelectObject.GDI32(?,00000000), ref: 004296A2
                                              • Part of subcall function 00429639: BeginPath.GDI32(?), ref: 004296B9
                                              • Part of subcall function 00429639: SelectObject.GDI32(?,00000000), ref: 004296E2
                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 004A8A4E
                                            • LineTo.GDI32(?,00000003,00000000), ref: 004A8A62
                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 004A8A70
                                            • LineTo.GDI32(?,00000000,00000003), ref: 004A8A80
                                            • EndPath.GDI32(?), ref: 004A8A90
                                            • StrokePath.GDI32(?), ref: 004A8AA0
                                            Similarity
                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                            • String ID:
                                            • API String ID: 43455801-0
                                            • Opcode ID: b6c18d542ec193f35e011439873e7249bcde06685e767de20389c9ba3aade09f
                                            • Instruction ID: 2763b2413425744688e43200f531a1f45c9e2f9b88bac5330b09e51f8288fde3
                                            • Opcode Fuzzy Hash: b6c18d542ec193f35e011439873e7249bcde06685e767de20389c9ba3aade09f
                                            • Instruction Fuzzy Hash: B611177604414CFFEF129F90DC88EAA7FACEB09354F008026BA199A1A1C7719D55DFA4
                                            APIs
                                            • GetDC.USER32(00000000), ref: 00475218
                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00475229
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00475230
                                            • ReleaseDC.USER32(00000000,00000000), ref: 00475238
                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0047524F
                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00475261
                                            Similarity
                                            • API ID: CapsDevice$Release
                                            • String ID:
                                            • API String ID: 1035833867-0
                                            • Opcode ID: 56a657c657abbaf1ae1b2fa63b866ad810472cae7daa1520dd3baeb040bf8ccd
                                            • Instruction ID: b478207ead9bded2994e5a75cdca39e5f22044c99e0cd918db43bcb14021a8ec
                                            • Opcode Fuzzy Hash: 56a657c657abbaf1ae1b2fa63b866ad810472cae7daa1520dd3baeb040bf8ccd
                                            • Instruction Fuzzy Hash: AF014475A00714BBEB109BA59C49A9EBFB9EB45751F044066FA04AB381D6709C01CFA4
                                            APIs
                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00411BF4
                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00411BFC
                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00411C07
                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00411C12
                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00411C1A
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00411C22
                                            Similarity
                                            • API ID: Virtual
                                            • String ID:
                                            • API String ID: 4278518827-0
                                            • Opcode ID: b82c27ef77be373fb79d768c11b49100e3c2383e9df10edc1a26d8b66baebb76
                                            • Instruction ID: d493e9c988888cf1d66a9505dcfddd78373853669c9bcba617f077a56dc52d90
                                            • Opcode Fuzzy Hash: b82c27ef77be373fb79d768c11b49100e3c2383e9df10edc1a26d8b66baebb76
                                            • Instruction Fuzzy Hash: 880167B0902B5ABDE3008F6A8C85B52FFE8FF19354F04411BA15C4BA42C7F5A864CBE5
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0047EB30
                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0047EB46
                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0047EB55
                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0047EB64
                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0047EB6E
                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0047EB75
                                            Similarity
                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                            • String ID:
                                            • API String ID: 839392675-0
                                            • Opcode ID: 9833bf06cacfe7257034509a113eb5214938d23b96800fcfedc48189a40a840d
                                            • Instruction ID: 9e055b19992bea128c1e96962202570f0e47ffc8bf24a53ce0b8b7c318cd5711
                                            • Opcode Fuzzy Hash: 9833bf06cacfe7257034509a113eb5214938d23b96800fcfedc48189a40a840d
                                            • Instruction Fuzzy Hash: 3FF05472240158BBE7619B529C4DEEF3E7CEFCBB11F004169F601D1191DBA05A01CAB9
                                            APIs
                                            • GetClientRect.USER32(?), ref: 00467452
                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00467469
                                            • GetWindowDC.USER32(?), ref: 00467475
                                            • GetPixel.GDI32(00000000,?,?), ref: 00467484
                                            • ReleaseDC.USER32(?,00000000), ref: 00467496
                                            • GetSysColor.USER32(00000005), ref: 004674B0
                                            Similarity
                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                            • String ID:
                                            • API String ID: 272304278-0
                                            • Opcode ID: 93c9250fc3b27b4d275d6063ab14f121d8382c43f99ff1df49e7e13a0a3fb3de
                                            • Instruction ID: 37d12297833d4d9562e8c5ae27ae2f72ad7d91c848f1b1e770cf022df2df1e3b
                                            • Opcode Fuzzy Hash: 93c9250fc3b27b4d275d6063ab14f121d8382c43f99ff1df49e7e13a0a3fb3de
                                            • Instruction Fuzzy Hash: 6A018B31500215FFEB909F64DD48BAA7FB5FB05311F500071F915A21A1CF311E42AB59
                                            APIs
                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0047187F
                                            • UnloadUserProfile.USERENV(?,?), ref: 0047188B
                                            • CloseHandle.KERNEL32(?), ref: 00471894
                                            • CloseHandle.KERNEL32(?), ref: 0047189C
                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 004718A5
                                            • HeapFree.KERNEL32(00000000), ref: 004718AC
                                            Similarity
                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                            • String ID:
                                            • API String ID: 146765662-0
                                            • Opcode ID: 9bf72216978b42fe2df08dc3f184cd041d70c36a5b0b1ebf7cab93073d43d17f
                                            • Instruction ID: a6468c14aaad85d95ab4b43a71100f0c1fd1e9a74cc05d3d72b1e6cbacef8e77
                                            • Opcode Fuzzy Hash: 9bf72216978b42fe2df08dc3f184cd041d70c36a5b0b1ebf7cab93073d43d17f
                                            • Instruction Fuzzy Hash: 04E0E576204101BBDB416FA1ED4C90ABF79FF4AB22B108230F22581070CB329421DF58
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 0041BEB3
                                            Strings
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: D%N$D%N$D%N$D%ND%N
                                            • API String ID: 1385522511-2848982604
                                            • Opcode ID: 778719f60a104dcf0ccd177bdf84589ea30439dbf6684f63a5fdf9524693df48
                                            • Instruction ID: 6ea5914dde4d3614734cc7f24822dc5fde11845d43a37a4303ff65ac5b2307f6
                                            • Opcode Fuzzy Hash: 778719f60a104dcf0ccd177bdf84589ea30439dbf6684f63a5fdf9524693df48
                                            • Instruction Fuzzy Hash: 57916875A0020ADFCB18CF59C1906EAB7F1FF59310B24816ED941AB350E779AD81CBD8
                                            APIs
                                              • Part of subcall function 00430242: EnterCriticalSection.KERNEL32(004E070C,004E1884,?,?,0042198B,004E2518,?,?,?,004112F9,00000000), ref: 0043024D
                                              • Part of subcall function 00430242: LeaveCriticalSection.KERNEL32(004E070C,?,0042198B,004E2518,?,?,?,004112F9,00000000), ref: 0043028A
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 004300A3: __onexit.LIBCMT ref: 004300A9
                                            • __Init_thread_footer.LIBCMT ref: 00497BFB
                                              • Part of subcall function 004301F8: EnterCriticalSection.KERNEL32(004E070C,?,?,00428747,004E2514), ref: 00430202
                                              • Part of subcall function 004301F8: LeaveCriticalSection.KERNEL32(004E070C,?,00428747,004E2514), ref: 00430235
                                            Strings
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                            • String ID: +TF$5$G$Variable must be of type 'Object'.
                                            • API String ID: 535116098-4280218163
                                            • Opcode ID: b6d8efa8905106221902597ef0eaaeefed5cb1bfa6f5d123edd822d3e39249c1
                                            • Instruction ID: dc8afd1bf4116c1208d511a716ebc4e0fe3f2365de9aa8903e19c7bac440db70
                                            • Opcode Fuzzy Hash: b6d8efa8905106221902597ef0eaaeefed5cb1bfa6f5d123edd822d3e39249c1
                                            • Instruction Fuzzy Hash: 6C91AD70A14208EFCF04EF55D8919AEBBB1BF49304F14816EF8065B392DB79AE41CB59
                                            APIs
                                              • Part of subcall function 00417620: _wcslen.LIBCMT ref: 00417625
                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0047C6EE
                                            • _wcslen.LIBCMT ref: 0047C735
                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0047C79C
                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0047C7CA
                                            Strings
                                            Similarity
                                            • API ID: ItemMenu$Info_wcslen$Default
                                            • String ID: 0
                                            • API String ID: 1227352736-4108050209
                                            • Opcode ID: 759573d8ccad750ef7fd1847409c51174f690e78b5dd32654e578ef044ae3914
                                            • Instruction ID: 036c8139172a9f7fd1662064223204c19d98b54ff38c2ffca6a104d234804fbf
                                            • Opcode Fuzzy Hash: 759573d8ccad750ef7fd1847409c51174f690e78b5dd32654e578ef044ae3914
                                            • Instruction Fuzzy Hash: 4251E3716043019BD7189F29C8C5BEB77E4AF49314F04892FF999D32A1DB78D904CB5A
                                            APIs
                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00477206
                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0047723C
                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0047724D
                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004772CF
                                            Strings
                                            Similarity
                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                            • String ID: DllGetClassObject
                                            • API String ID: 753597075-1075368562
                                            • Opcode ID: 84df3b845cbf5adf0a617163e0c43572df966713748ba81f1eda258850e5e808
                                            • Instruction ID: 78e40fe605dddce31242282e7b0a38f9ab9f1a9eb59d5bfeefa87fa2826868c2
                                            • Opcode Fuzzy Hash: 84df3b845cbf5adf0a617163e0c43572df966713748ba81f1eda258850e5e808
                                            • Instruction Fuzzy Hash: 1A419D71A04204AFDB15CF54C884ADA7BA9EF44314F60C0AEFD099F20AD7B8D944CBA4
                                            APIs
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004A3E35
                                            • IsMenu.USER32(?), ref: 004A3E4A
                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004A3E92
                                            • DrawMenuBar.USER32 ref: 004A3EA5
                                            Strings
                                            Similarity
                                            • API ID: Menu$Item$DrawInfoInsert
                                            • String ID: 0
                                            • API String ID: 3076010158-4108050209
                                            • Opcode ID: be11eda8e55823a4c5dd314aef5c7d7854119da3bd2d32cddc10917f40bcded8
                                            • Instruction ID: 358611fc54028fd19411c81743056fbcd683b987c2e189c7972843d632d761f0
                                            • Opcode Fuzzy Hash: be11eda8e55823a4c5dd314aef5c7d7854119da3bd2d32cddc10917f40bcded8
                                            • Instruction Fuzzy Hash: 81415975A01209EFDB10DF50D884AABBBB5FF5A356F04412AF9059B350E734AE41CF54
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 00473CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00473CCA
                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00471E66
                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00471E79
                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00471EA9
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$_wcslen$ClassName
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 2081771294-1403004172
                                            • Opcode ID: fc377903e933195cae92388fec7bddda1b8a3e692c86a345df57bf311445555e
                                            • Instruction ID: 76072e64cfff2d64756e7fc843cbb86739bdd03fa2d33123d0401edc891935ab
                                            • Opcode Fuzzy Hash: fc377903e933195cae92388fec7bddda1b8a3e692c86a345df57bf311445555e
                                            • Instruction Fuzzy Hash: 6B213771A00104BEDB14AB69DC56DFFB7B8DF42354B10812FF859A32E0DB3C4D4A8628
                                            APIs
                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 004A2F8D
                                            • LoadLibraryW.KERNEL32(?), ref: 004A2F94
                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 004A2FA9
                                            • DestroyWindow.USER32(?), ref: 004A2FB1
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                            • String ID: SysAnimate32
                                            • API String ID: 3529120543-1011021900
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00434D1E,004428E9,?,00434CBE,004428E9,004D88B8,0000000C,00434E15,004428E9,00000002), ref: 00434D8D
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00434DA0
                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00434D1E,004428E9,?,00434CBE,004428E9,004D88B8,0000000C,00434E15,004428E9,00000002,00000000), ref: 00434DC3
                                            Strings
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            APIs
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00414EDD,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414E9C
                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00414EAE
                                            • FreeLibrary.KERNEL32(00000000,?,?,00414EDD,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414EC0
                                            Strings
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc
                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                            • API String ID: 145871493-3689287502
                                            APIs
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00453CDE,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414E62
                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00414E74
                                            • FreeLibrary.KERNEL32(00000000,?,?,00453CDE,?,004E1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00414E87
                                            Strings
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc
                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                            • API String ID: 145871493-1355242751
                                            APIs
                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00482C05
                                            • DeleteFileW.KERNEL32(?), ref: 00482C87
                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00482C9D
                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00482CAE
                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00482CC0
                                            Similarity
                                            • API ID: File$Delete$Copy
                                            • String ID:
                                            • API String ID: 3226157194-0
                                            APIs
                                            • GetCurrentProcessId.KERNEL32 ref: 0049A427
                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0049A435
                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0049A468
                                            • CloseHandle.KERNEL32(?), ref: 0049A63D
                                            Similarity
                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                            • String ID:
                                            • API String ID: 3488606520-0
                                            APIs
                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,004B3700), ref: 0044BB91
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,004E121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0044BC09
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,004E1270,000000FF,?,0000003F,00000000,?), ref: 0044BC36
                                            • _free.LIBCMT ref: 0044BB7F
                                              • Part of subcall function 004429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000), ref: 004429DE
                                              • Part of subcall function 004429C8: GetLastError.KERNEL32(00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000,00000000), ref: 004429F0
                                            • _free.LIBCMT ref: 0044BD4B
                                            Similarity
                                            • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                            • String ID:
                                            • API String ID: 1286116820-0
                                            APIs
                                              • Part of subcall function 0047DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0047CF22,?), ref: 0047DDFD
                                              • Part of subcall function 0047DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0047CF22,?), ref: 0047DE16
                                              • Part of subcall function 0047E199: GetFileAttributesW.KERNEL32(?,0047CF95), ref: 0047E19A
                                            • lstrcmpiW.KERNEL32(?,?), ref: 0047E473
                                            • MoveFileW.KERNEL32(?,?), ref: 0047E4AC
                                            • _wcslen.LIBCMT ref: 0047E5EB
                                            • _wcslen.LIBCMT ref: 0047E603
                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0047E650
                                            Similarity
                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                            • String ID:
                                            • API String ID: 3183298772-0
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 0049C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0049B6AE,?,?), ref: 0049C9B5
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049C9F1
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA68
                                              • Part of subcall function 0049C998: _wcslen.LIBCMT ref: 0049CA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0049BAA5
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0049BB00
                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0049BB63
                                            • RegCloseKey.ADVAPI32(?,?), ref: 0049BBA6
                                            • RegCloseKey.ADVAPI32(00000000), ref: 0049BBB3
                                            Similarity
                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                            • String ID:
                                            • API String ID: 826366716-0
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 00478BCD
                                            • VariantClear.OLEAUT32 ref: 00478C3E
                                            • VariantClear.OLEAUT32 ref: 00478C9D
                                            • VariantClear.OLEAUT32(?), ref: 00478D10
                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00478D3B
                                            Similarity
                                            • API ID: Variant$Clear$ChangeInitType
                                            • String ID:
                                            • API String ID: 4136290138-0
                                            APIs
                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00488BAE
                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00488BDA
                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00488C32
                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00488C57
                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00488C5F
                                            Similarity
                                            • API ID: PrivateProfile$SectionWrite$String
                                            • String ID:
                                            • API String ID: 2832842796-0
                                            APIs
                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00498F40
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00498FD0
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00498FEC
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00499032
                                            • FreeLibrary.KERNEL32(00000000), ref: 00499052
                                              • Part of subcall function 0042F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00481043,?,7529E610), ref: 0042F6E6
                                              • Part of subcall function 0042F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0046FA64,00000000,00000000,?,?,00481043,?,7529E610,?,0046FA64), ref: 0042F70D
                                            Similarity
                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                            • String ID:
                                            • API String ID: 666041331-0
                                            • Opcode ID: f1dfa2a8af92c6f2fa23fa31397c99e199f4062d0487f0e37f120e8f4857c860
                                            • Instruction ID: ba985ac36e7d70186bcf075020540c50bf7674d1c3f7e011078ac1edfa6f5ef5
                                            • Opcode Fuzzy Hash: f1dfa2a8af92c6f2fa23fa31397c99e199f4062d0487f0e37f120e8f4857c860
                                            • Instruction Fuzzy Hash: 22512935600205DFCB11DF59C4948AEBBF1FF49358B0480AEE8169B362DB35ED86CB95
                                            APIs
                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 004A6C33
                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 004A6C4A
                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 004A6C73
                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0048AB79,00000000,00000000), ref: 004A6C98
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 004A6CC7
                                            Similarity
                                            • API ID: Window$Long$MessageSendShow
                                            • String ID:
                                            • API String ID: 3688381893-0
                                            • Opcode ID: e4dfb80d215fe2f0abfa13afd2ae1b7df0d614a54378e2a4d9d2adce287eb267
                                            • Instruction ID: 3b4f8a48d1fb26aceece9514bb38876a1b8233be03b8539f99eeaf058a13b111
                                            • Opcode Fuzzy Hash: e4dfb80d215fe2f0abfa13afd2ae1b7df0d614a54378e2a4d9d2adce287eb267
                                            • Instruction Fuzzy Hash: 2841F635600114AFD724CF28CC84FA67FA5EB1B360F0A022AF955AB3E1C779ED41CA58
                                            APIs
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: daf33a5b8842fb7a8a440f6bb4683ce336f28dd3ef03a246876850ab670c2d30
                                            • Instruction ID: dbe4b12d1b5ef9a76a7b268ee01cd29a6b7b1667680eef61006dd1f4afb043e6
                                            • Opcode Fuzzy Hash: daf33a5b8842fb7a8a440f6bb4683ce336f28dd3ef03a246876850ab670c2d30
                                            • Instruction Fuzzy Hash: 56410472A002009FEB20DF79C981A5EB3F1EF88314F95416AF605EB352D6B5AD01CB84
                                            APIs
                                            • GetCursorPos.USER32(?), ref: 00429141
                                            • ScreenToClient.USER32(00000000,?), ref: 0042915E
                                            • GetAsyncKeyState.USER32(00000001), ref: 00429183
                                            • GetAsyncKeyState.USER32(00000002), ref: 0042919D
                                            Similarity
                                            • API ID: AsyncState$ClientCursorScreen
                                            • String ID:
                                            • API String ID: 4210589936-0
                                            • Opcode ID: 23f58be605c12e13882f6a621315a3a09da15055e6934ad91cd90781d33d268a
                                            • Instruction ID: d07b7fb9b1cc10956d52b5274f51739ca756b7f87ede036128ea1593edfdff20
                                            • Opcode Fuzzy Hash: 23f58be605c12e13882f6a621315a3a09da15055e6934ad91cd90781d33d268a
                                            • Instruction Fuzzy Hash: DB417D31A0821AAADB059F69D844AFEB774FB06324F20822BE425A23D0D7785D50CB96
                                            APIs
                                            • GetInputState.USER32 ref: 004838CB
                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00483922
                                            • TranslateMessage.USER32(?), ref: 0048394B
                                            • DispatchMessageW.USER32(?), ref: 00483955
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00483966
                                            Similarity
                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                            • String ID:
                                            • API String ID: 2256411358-0
                                            • Opcode ID: e6b956bf743025c86a323533d8fb16062911f204e1dfbd9e1c3a221e0b9aef96
                                            • Instruction ID: cfab3a0175811c045164ca863a3fe19fea1ccd759c791dfe665831cb9672692f
                                            • Opcode Fuzzy Hash: e6b956bf743025c86a323533d8fb16062911f204e1dfbd9e1c3a221e0b9aef96
                                            • Instruction Fuzzy Hash: 4B31DAB09443819EEB35EF34D888B7B3BE8AB05B05F040D7BE452862A1D3FC9585CB19
                                            APIs
                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0048CF38
                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 0048CF6F
                                            • GetLastError.KERNEL32(?,00000000,?,?,?,0048C21E,00000000), ref: 0048CFB4
                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0048C21E,00000000), ref: 0048CFC8
                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0048C21E,00000000), ref: 0048CFF2
                                            Similarity
                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                            • String ID:
                                            • API String ID: 3191363074-0
                                            • Opcode ID: bee51a0db6bdbecd63e97519aef1ac9f44bc8bd40e85a715adb97ebaeb279ff1
                                            • Instruction ID: 876457f0adcaf2424fbabab0cef010281955103ad9a08f2b8f0f95e5a748d9fa
                                            • Opcode Fuzzy Hash: bee51a0db6bdbecd63e97519aef1ac9f44bc8bd40e85a715adb97ebaeb279ff1
                                            • Instruction Fuzzy Hash: 5C314171504205AFEB20EFA5D8C49AF7BF9EB15354B10486FF606D2280DB38AD459B68
                                            APIs
                                            • GetWindowRect.USER32(?,?), ref: 00471915
                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 004719C1
                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 004719C9
                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 004719DA
                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 004719E2
                                            Similarity
                                            • API ID: MessagePostSleep$RectWindow
                                            • String ID:
                                            • API String ID: 3382505437-0
                                            • Opcode ID: 085d660e6e7fb3195bc34f4fdc3be1d84c6fc89de580f156c20b6a24d221a68d
                                            • Instruction ID: b81f49960a7c1050747a43b0eeea243e6d0626db0cd380daa65a4b8b37457e6a
                                            • Opcode Fuzzy Hash: 085d660e6e7fb3195bc34f4fdc3be1d84c6fc89de580f156c20b6a24d221a68d
                                            • Instruction Fuzzy Hash: C931F6B1A00219EFCB10CFACCD98ADE3BB5EB05314F008226FA25A72E0C3749D45CB94
                                            APIs
                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 004A5745
                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 004A579D
                                            • _wcslen.LIBCMT ref: 004A57AF
                                            • _wcslen.LIBCMT ref: 004A57BA
                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 004A5816
                                            Similarity
                                            • API ID: MessageSend$_wcslen
                                            • String ID:
                                            • API String ID: 763830540-0
                                            • Opcode ID: e69d7c13cfee4c0b5b5f4270a619e052e1bff7d024229b3e3a9b4c17043470eb
                                            • Instruction ID: a68b5054da3947af00bb4884a75f7ad8ccd26a7aca2bd31704d276795f5bfeb5
                                            • Opcode Fuzzy Hash: e69d7c13cfee4c0b5b5f4270a619e052e1bff7d024229b3e3a9b4c17043470eb
                                            • Instruction Fuzzy Hash: 7C21D775900608DADB20DF60CD84AEE7B7CFF16324F104117F919EA280D7789985CF59
                                            APIs
                                            • IsWindow.USER32(00000000), ref: 00490951
                                            • GetForegroundWindow.USER32 ref: 00490968
                                            • GetDC.USER32(00000000), ref: 004909A4
                                            • GetPixel.GDI32(00000000,?,00000003), ref: 004909B0
                                            • ReleaseDC.USER32(00000000,00000003), ref: 004909E8
                                            Similarity
                                            • API ID: Window$ForegroundPixelRelease
                                            • String ID:
                                            • API String ID: 4156661090-0
                                            • Opcode ID: 6f66b99f1474ac2ce5f3f7d840feaef23cf7908b7fcf019991c7a53eafa980e0
                                            • Instruction ID: e348afaf92aaf7ff8b2808d734d348c12d10c30eb487fb869ddea32893235637
                                            • Opcode Fuzzy Hash: 6f66b99f1474ac2ce5f3f7d840feaef23cf7908b7fcf019991c7a53eafa980e0
                                            • Instruction Fuzzy Hash: B421A175600204AFD704EF65C984AAEBBE9EF49704F00843EE84AA7362DB34AC45CB94
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 0044CDC6
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044CDE9
                                              • Part of subcall function 00443820: RtlAllocateHeap.NTDLL(00000000,?,004E1444,?,0042FDF5,?,?,0041A976,00000010,004E1440,004113FC,?,004113C6,?,00411129), ref: 00443852
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044CE0F
                                            • _free.LIBCMT ref: 0044CE22
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044CE31
                                            Similarity
                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                            • String ID:
                                            • API String ID: 336800556-0
                                            • Opcode ID: 08e1ae7251d896a1960962ce4e7754ec2ea01e1cf9f5a629c3fc0d4c9517cf23
                                            • Instruction ID: e5c4b19c28e31fe9e747232f6dac4d4b5fa34164c6cd0ee705155136c413902d
                                            • Opcode Fuzzy Hash: 08e1ae7251d896a1960962ce4e7754ec2ea01e1cf9f5a629c3fc0d4c9517cf23
                                            • Instruction Fuzzy Hash: DB0175726026157F376116B76CC8D7BAD6DDAC7BA1329012AFD05C6201DF698D0291B8
                                            APIs
                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00429693
                                            • SelectObject.GDI32(?,00000000), ref: 004296A2
                                            • BeginPath.GDI32(?), ref: 004296B9
                                            • SelectObject.GDI32(?,00000000), ref: 004296E2
                                            Similarity
                                            • API ID: ObjectSelect$BeginCreatePath
                                            • String ID:
                                            • API String ID: 3225163088-0
                                            • Opcode ID: 4853d94e95593719ae1833e5db8daf04a16c977158f633886e731729882d6b15
                                            • Instruction ID: 1dc2e6510d7a8b3376017f75bc0bbea1bcce5f88e2b3ab9b9b44a86e2b92b094
                                            • Opcode Fuzzy Hash: 4853d94e95593719ae1833e5db8daf04a16c977158f633886e731729882d6b15
                                            • Instruction Fuzzy Hash: 1921A1B0A42355EBDB118F64EC88BAA3BA4BF11355F500236F4109A2B2D3785C81CF9C
                                            APIs
                                            Similarity
                                            • API ID: _memcmp
                                            • String ID:
                                            • API String ID: 2931989736-0
                                            • Opcode ID: 7af7611d85b753bd4b00e5a3d71d25766f0c44141e088f0aad73b1a16dcb494e
                                            • Instruction ID: 95fe706676b1af874f0c5f7b09a68588c1f1f1fbdab0b9d9e0dbd6ae1940ddaf
                                            • Opcode Fuzzy Hash: 7af7611d85b753bd4b00e5a3d71d25766f0c44141e088f0aad73b1a16dcb494e
                                            • Instruction Fuzzy Hash: 200192A1641A09BAA20C55129D82FFB635C9B253A8F108037FD089EA41F7ADED1582AD
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,0043F2DE,00443863,004E1444,?,0042FDF5,?,?,0041A976,00000010,004E1440,004113FC,?,004113C6), ref: 00442DFD
                                            • _free.LIBCMT ref: 00442E32
                                            • _free.LIBCMT ref: 00442E59
                                            • SetLastError.KERNEL32(00000000,00411129), ref: 00442E66
                                            • SetLastError.KERNEL32(00000000,00411129), ref: 00442E6F
                                            Similarity
                                            • API ID: ErrorLast$_free
                                            • String ID:
                                            • API String ID: 3170660625-0
                                            • Opcode ID: 18d39f4f35d788565a69eccbb32a4c16798351e5bd8cd9fe340a28c4741db5af
                                            • Instruction ID: 2a8e50c9df9d9ed104c4451fdea57554a7bd7abfa23c90cdcfea427223f98d00
                                            • Opcode Fuzzy Hash: 18d39f4f35d788565a69eccbb32a4c16798351e5bd8cd9fe340a28c4741db5af
                                            • Instruction Fuzzy Hash: 7A01F97224560167F61267366E85D2F2659ABD27A97F5003FF825E2293EEFCCC01412C
                                            APIs
                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?,?,0047035E), ref: 0047002B
                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?), ref: 00470046
                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?), ref: 00470054
                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?), ref: 00470064
                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0046FF41,80070057,?,?), ref: 00470070
                                            Similarity
                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                            • String ID:
                                            • API String ID: 3897988419-0
                                            APIs
                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0047E997
                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0047E9A5
                                            • Sleep.KERNEL32(00000000), ref: 0047E9AD
                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0047E9B7
                                            • Sleep.KERNEL32 ref: 0047E9F3
                                            Similarity
                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                            • String ID:
                                            • API String ID: 2833360925-0
                                            APIs
                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00471114
                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 00471120
                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 0047112F
                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00470B9B,?,?,?), ref: 00471136
                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0047114D
                                            Similarity
                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                            • String ID:
                                            • API String ID: 842720411-0
                                            APIs
                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00470FCA
                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00470FD6
                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00470FE5
                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00470FEC
                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00471002
                                            Similarity
                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                            • String ID:
                                            • API String ID: 44706859-0
                                            APIs
                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0047102A
                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00471036
                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00471045
                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0047104C
                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00471062
                                            Similarity
                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                            • String ID:
                                            • API String ID: 44706859-0
                                            APIs
                                            • CloseHandle.KERNEL32(?,?,?,?,0048017D,?,004832FC,?,00000001,00452592,?), ref: 00480324
                                            • CloseHandle.KERNEL32(?,?,?,?,0048017D,?,004832FC,?,00000001,00452592,?), ref: 00480331
                                            • CloseHandle.KERNEL32(?,?,?,?,0048017D,?,004832FC,?,00000001,00452592,?), ref: 0048033E
                                            • CloseHandle.KERNEL32(?,?,?,?,0048017D,?,004832FC,?,00000001,00452592,?), ref: 0048034B
                                            • CloseHandle.KERNEL32(?,?,?,?,0048017D,?,004832FC,?,00000001,00452592,?), ref: 00480358
                                            • CloseHandle.KERNEL32(?,?,?,?,0048017D,?,004832FC,?,00000001,00452592,?), ref: 00480365
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            APIs
                                            • _free.LIBCMT ref: 0044D752
                                              • Part of subcall function 004429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000), ref: 004429DE
                                              • Part of subcall function 004429C8: GetLastError.KERNEL32(00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000,00000000), ref: 004429F0
                                            • _free.LIBCMT ref: 0044D764
                                            • _free.LIBCMT ref: 0044D776
                                            • _free.LIBCMT ref: 0044D788
                                            • _free.LIBCMT ref: 0044D79A
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            APIs
                                            • GetDlgItem.USER32(?,000003E9), ref: 00475C58
                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00475C6F
                                            • MessageBeep.USER32(00000000), ref: 00475C87
                                            • KillTimer.USER32(?,0000040A), ref: 00475CA3
                                            • EndDialog.USER32(?,00000001), ref: 00475CBD
                                            Similarity
                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                            • String ID:
                                            • API String ID: 3741023627-0
                                            APIs
                                            • _free.LIBCMT ref: 004422BE
                                              • Part of subcall function 004429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000), ref: 004429DE
                                              • Part of subcall function 004429C8: GetLastError.KERNEL32(00000000,?,0044D7D1,00000000,00000000,00000000,00000000,?,0044D7F8,00000000,00000007,00000000,?,0044DBF5,00000000,00000000), ref: 004429F0
                                            • _free.LIBCMT ref: 004422D0
                                            • _free.LIBCMT ref: 004422E3
                                            • _free.LIBCMT ref: 004422F4
                                            • _free.LIBCMT ref: 00442305
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            APIs
                                            • EndPath.GDI32(?), ref: 004295D4
                                            • StrokeAndFillPath.GDI32(?,?,004671F7,00000000,?,?,?), ref: 004295F0
                                            • SelectObject.GDI32(?,00000000), ref: 00429603
                                            • DeleteObject.GDI32 ref: 00429616
                                            • StrokePath.GDI32(?), ref: 00429631
                                            Similarity
                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                            • String ID:
                                            • API String ID: 2625713937-0
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: __freea$_free
                                            • String ID: a/p$am/pm
                                            • API String ID: 3432400110-3206640213
                                            APIs
                                              • Part of subcall function 00430242: EnterCriticalSection.KERNEL32(004E070C,004E1884,?,?,0042198B,004E2518,?,?,?,004112F9,00000000), ref: 0043024D
                                              • Part of subcall function 00430242: LeaveCriticalSection.KERNEL32(004E070C,?,0042198B,004E2518,?,?,?,004112F9,00000000), ref: 0043028A
                                              • Part of subcall function 004300A3: __onexit.LIBCMT ref: 004300A9
                                            • __Init_thread_footer.LIBCMT ref: 00496238
                                              • Part of subcall function 004301F8: EnterCriticalSection.KERNEL32(004E070C,?,?,00428747,004E2514), ref: 00430202
                                              • Part of subcall function 004301F8: LeaveCriticalSection.KERNEL32(004E070C,?,00428747,004E2514), ref: 00430235
                                              • Part of subcall function 0048359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 004835E4
                                              • Part of subcall function 0048359C: LoadStringW.USER32(004E2390,?,00000FFF,?), ref: 0048360A
                                            Strings
                                            Similarity
                                            • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                            • String ID: x#N$x#N$x#N
                                            • API String ID: 1072379062-56826683
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: JOA
                                            • API String ID: 0-4101436360
                                            • Opcode ID: 87deaf03650484b5bfb456725a0e376c9996693db3396a84479cb781f0a7f70a
                                            • Instruction ID: 81db98df509d698b7c7209a264c5ff66790e7bc3a0b2e1f92e08d4c7083a60d6
                                            • Opcode Fuzzy Hash: 87deaf03650484b5bfb456725a0e376c9996693db3396a84479cb781f0a7f70a
                                            • Instruction Fuzzy Hash: 4151C171D006099FEF209FA5C885FAFBBB4EF09314F14005BF405A7293D6799902CB6A
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00448B6E
                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00448B7A
                                            • __dosmaperr.LIBCMT ref: 00448B81
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                            • String ID: .C
                                            • API String ID: 2434981716-1181961956
                                            • Opcode ID: b4b5be51b042283190a2174b5a85a689248d549f55c904eed8fcce7da5501a6a
                                            • Instruction ID: 876e3e89d12ec28d3a816206eda3b7418d01e9375f873fec0301dd9fe1d29aae
                                            • Opcode Fuzzy Hash: b4b5be51b042283190a2174b5a85a689248d549f55c904eed8fcce7da5501a6a
                                            • Instruction Fuzzy Hash: A5418E70604085AFFB249F24CC81A7E7FA5DB86304F2841AFF85497242DE799C53979C
                                            APIs
                                              • Part of subcall function 0047B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004721D0,?,?,00000034,00000800,?,00000034), ref: 0047B42D
                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00472760
                                              • Part of subcall function 0047B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004721FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0047B3F8
                                              • Part of subcall function 0047B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0047B355
                                              • Part of subcall function 0047B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00472194,00000034,?,?,00001004,00000000,00000000), ref: 0047B365
                                              • Part of subcall function 0047B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00472194,00000034,?,?,00001004,00000000,00000000), ref: 0047B37B
                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004727CD
                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0047281A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                            • String ID: @
                                            • API String ID: 4150878124-2766056989
                                            • Opcode ID: e75cdcd01f02b8d1c994f5de6ad2e6fb2f374daa85f874f4d6fa5a51d1b83f7d
                                            • Instruction ID: ece7c4acca13ec0c699f4aa41f657afa398bf470d499fc4f00e7c5bbaa8e9516
                                            • Opcode Fuzzy Hash: e75cdcd01f02b8d1c994f5de6ad2e6fb2f374daa85f874f4d6fa5a51d1b83f7d
                                            • Instruction Fuzzy Hash: AB413072900218AFDB10DFA4CD41BDEBBB8EF05304F00819AFA59B7181DB756E85CB95
                                            APIs
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00441769
                                            • _free.LIBCMT ref: 00441834
                                            • _free.LIBCMT ref: 0044183E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _free$FileModuleName
                                            • String ID: C:\Users\user\Desktop\file.exe
                                            • API String ID: 2506810119-517116171
                                            • Opcode ID: b4561e3ece174b7b87abf092e99de7caf8d94870fbd739fdd3e471e05f8cf732
                                            • Instruction ID: e6daf98204c1486b4033c53dace1f45ae52d7552e79a54cd432265da8d768396
                                            • Opcode Fuzzy Hash: b4561e3ece174b7b87abf092e99de7caf8d94870fbd739fdd3e471e05f8cf732
                                            • Instruction Fuzzy Hash: 4C318371A40258ABEB21DB9A9C81D9FBBFCEB85310B1441ABF504A7221D6744A80CB98
                                            APIs
                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0047C306
                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0047C34C
                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,004E1990,00D755E0), ref: 0047C395
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Menu$Delete$InfoItem
                                            • String ID: 0
                                            • API String ID: 135850232-4108050209
                                            • Opcode ID: 861342acafa3479daa35de97740a82bca3f1f25c9ee3e0d31f31d9a706338fd6
                                            • Instruction ID: ca7b83f462996cfa4db5589584a919406778e3f4ac46951a50779401c90e84e1
                                            • Opcode Fuzzy Hash: 861342acafa3479daa35de97740a82bca3f1f25c9ee3e0d31f31d9a706338fd6
                                            • Instruction Fuzzy Hash: 2E418F712043019FD720DF25D884B9ABBE8AB85324F14C61EFDA9972D1D778A904CB6A
                                            APIs
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,004ACC08,00000000,?,?,?,?), ref: 004A44AA
                                            • GetWindowLongW.USER32 ref: 004A44C7
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004A44D7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$Long
                                            • String ID: SysTreeView32
                                            • API String ID: 847901565-1698111956
                                            • Opcode ID: 880e6787fa4053b923dd72c85b75bc62b710673df055dd979284f2a8ff52493d
                                            • Instruction ID: e45ae8497fde00ea699975e0baa6b1a08c5326ba50c8acc82a69c4faa1a0856d
                                            • Opcode Fuzzy Hash: 880e6787fa4053b923dd72c85b75bc62b710673df055dd979284f2a8ff52493d
                                            • Instruction Fuzzy Hash: A831B231200205AFDB208F78DC45BDB7BA9EB9A338F20472AF975922D0D7B8EC509754
                                            APIs
                                            • SysReAllocString.OLEAUT32(?,?), ref: 00476EED
                                            • VariantCopyInd.OLEAUT32(?,?), ref: 00476F08
                                            • VariantClear.OLEAUT32(?), ref: 00476F12
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Variant$AllocClearCopyString
                                            • String ID: *jG
                                            • API String ID: 2173805711-3174124858
                                            • Opcode ID: 532eaa85fe75b0e4e21517a9be614e7ddc8613fb8b063b750d59b156a4094bf4
                                            • Instruction ID: ca92d3ab91f30acc51170f67dcaca04aec4c3d6986c15e87d1a0a1d2b614d77a
                                            • Opcode Fuzzy Hash: 532eaa85fe75b0e4e21517a9be614e7ddc8613fb8b063b750d59b156a4094bf4
                                            • Instruction Fuzzy Hash: 8F319071704606DBCB04AF65E8909FE3777EF45308B1144AAF90A4B2A1C7389952DBDD
                                            APIs
                                              • Part of subcall function 0049335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00493077,?,?), ref: 00493378
                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0049307A
                                            • _wcslen.LIBCMT ref: 0049309B
                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00493106
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                            • String ID: 255.255.255.255
                                            • API String ID: 946324512-2422070025
                                            • Opcode ID: b846ea03849b7cf3a037420d21f80fadcfd4415dea69e6d5f869bc7357fa7a48
                                            • Instruction ID: 2309739ad176778b1fbb4edccff78af1228bb4c28be928dd8ee4c6289cc451b6
                                            • Opcode Fuzzy Hash: b846ea03849b7cf3a037420d21f80fadcfd4415dea69e6d5f869bc7357fa7a48
                                            • Instruction Fuzzy Hash: A331D5352002019FCF20DF69C486EAA7FE0EF56319F24806AE9158B3A2D779EE45C765
                                            APIs
                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 004A3F40
                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 004A3F54
                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 004A3F78
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window
                                            • String ID: SysMonthCal32
                                            • API String ID: 2326795674-1439706946
                                            • Opcode ID: 5ce5a7e0d90ce360cf40dd9a95a963fecf472e7aa1dcf475faa53c24349a72d0
                                            • Instruction ID: 1d04877282e424b2f2418c07cb5da05b41c57b7560179ae080c6b809e1507347
                                            • Opcode Fuzzy Hash: 5ce5a7e0d90ce360cf40dd9a95a963fecf472e7aa1dcf475faa53c24349a72d0
                                            • Instruction Fuzzy Hash: DA21BF32610219BFDF21CF50CC86FEB3B75EB59718F11021AFA156B1D0E6B9AC508B94
                                            APIs
                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 004A4705
                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 004A4713
                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004A471A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$DestroyWindow
                                            • String ID: msctls_updown32
                                            • API String ID: 4014797782-2298589950
                                            • Opcode ID: d4944e9b556eb0b9e5f146698d3d0f3c0d53e2fd79fa4ba854c3605969a50de7
                                            • Instruction ID: 342302416842dbe5e8a820cf96fba1abf55ab34af325e8514b308ddfa1708659
                                            • Opcode Fuzzy Hash: d4944e9b556eb0b9e5f146698d3d0f3c0d53e2fd79fa4ba854c3605969a50de7
                                            • Instruction Fuzzy Hash: CD2162B5601244AFDB10DF68DCC1DBB37ADEB9B398B04005AFA009B361DB74EC51CA64
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                            • API String ID: 176396367-2734436370
                                            • Opcode ID: 8fda8bfcda246549439bc663df46d0ee3ec3b9c3dd6abf6e47e3dfcfc35c12ee
                                            • Instruction ID: aa405bb422afbe7927a0bb2e7d602d9b8112f0a1fb63b39fa494f1d455cd9b62
                                            • Opcode Fuzzy Hash: 8fda8bfcda246549439bc663df46d0ee3ec3b9c3dd6abf6e47e3dfcfc35c12ee
                                            • Instruction Fuzzy Hash: 06212E7210462166D331AB269C02FF773E89F65314F54802FF94D97241EB5DAD45C29D
                                            APIs
                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 004A3840
                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 004A3850
                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 004A3876
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$MoveWindow
                                            • String ID: Listbox
                                            • API String ID: 3315199576-2633736733
                                            • Opcode ID: 4774221057044af95b8dc44b54bbd4d565a11c2dd4b0e2acd17bb3da107af83f
                                            • Instruction ID: bdf332832c4d3c633d1f203710be3d44e1e59fcd21e73d3262a835f34456e84d
                                            • Opcode Fuzzy Hash: 4774221057044af95b8dc44b54bbd4d565a11c2dd4b0e2acd17bb3da107af83f
                                            • Instruction Fuzzy Hash: 862107726001187BEF11DF54CC80FBB376EEF9A754F10812AF9009B290D679DC518794
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 00484A08
                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00484A5C
                                            • SetErrorMode.KERNEL32(00000000,?,?,004ACC08), ref: 00484AD0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorMode$InformationVolume
                                            • String ID: %lu
                                            • API String ID: 2507767853-685833217
                                            • Opcode ID: fa5d26eb0e0566b1e5d05ecefd26c460b1112efcd8688c8e78f352778cbdedf0
                                            • Instruction ID: c4e3ee8dfc34bc2c52ffc4d8305aea6d59b9c2d21503e4231c32b609fe6cbba1
                                            • Opcode Fuzzy Hash: fa5d26eb0e0566b1e5d05ecefd26c460b1112efcd8688c8e78f352778cbdedf0
                                            • Instruction Fuzzy Hash: 0D318075A00109AFD710DF54C885EAE7BF8EF49308F1480AAE809DB352DB75ED45CB65
                                            APIs
                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 004A424F
                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 004A4264
                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 004A4271
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: msctls_trackbar32
                                            • API String ID: 3850602802-1010561917
                                            • Opcode ID: 803734ff345fb930105773d849f1d0ed670929e1412b7aff903d1749a56e7ad4
                                            • Instruction ID: d34ff235fa9ffbdd703f64f95d5d4ad6ceb2d31c266f3ebcbd5deaee30c8d840
                                            • Opcode Fuzzy Hash: 803734ff345fb930105773d849f1d0ed670929e1412b7aff903d1749a56e7ad4
                                            • Instruction Fuzzy Hash: 6A113A322402087EEF205F25CC45FAB3BACEFD6764F010126FA40E6190D2B5DC518B18
                                            APIs
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                              • Part of subcall function 00472DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00472DC5
                                              • Part of subcall function 00472DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00472DD6
                                              • Part of subcall function 00472DA7: GetCurrentThreadId.KERNEL32 ref: 00472DDD
                                              • Part of subcall function 00472DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00472DE4
                                            • GetFocus.USER32 ref: 00472F78
                                              • Part of subcall function 00472DEE: GetParent.USER32(00000000), ref: 00472DF9
                                            • GetClassNameW.USER32(?,?,00000100), ref: 00472FC3
                                            • EnumChildWindows.USER32(?,0047303B), ref: 00472FEB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                            • String ID: %s%d
                                            • API String ID: 1272988791-1110647743
                                            • Opcode ID: 938b035bf15ce9bc11b5fdff85247d92f06d5eca47bf9eac341b8ee427d3f23e
                                            • Instruction ID: 7cba6459d84f60ebceb6e958ef49e9b8f75ae700e1641ecb818d52fbb0678e4f
                                            • Opcode Fuzzy Hash: 938b035bf15ce9bc11b5fdff85247d92f06d5eca47bf9eac341b8ee427d3f23e
                                            • Instruction Fuzzy Hash: 0911E4B16002056BCF50BF718CC5FEE376AAF84308F04807BF90D9B252DE7899499B68
                                            APIs
                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 004A58C1
                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 004A58EE
                                            • DrawMenuBar.USER32(?), ref: 004A58FD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Menu$InfoItem$Draw
                                            • String ID: 0
                                            • API String ID: 3227129158-4108050209
                                            • Opcode ID: 519690b9972db1424db28f326ed6e0868154bf624a17a3eea4951474a5933cc5
                                            • Instruction ID: 6cce3f63e860bbd74be7087d248058969e21914c936b1b22677b24cb85b8bc67
                                            • Opcode Fuzzy Hash: 519690b9972db1424db28f326ed6e0868154bf624a17a3eea4951474a5933cc5
                                            • Instruction Fuzzy Hash: 68018471500218EFDB519F11EC44BAFBBB8FF46360F1080AAF849DA251DB348A84DF25
                                            APIs
                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0046D3BF
                                            • FreeLibrary.KERNEL32 ref: 0046D3E5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: AddressFreeLibraryProc
                                            • String ID: GetSystemWow64DirectoryW$X64
                                            • API String ID: 3013587201-2590602151
                                            • Opcode ID: f1f536a6f2a6af520e501bc44b8f85bf0ddf890d1d1d9cf08b3cb1e71b5a83b9
                                            • Instruction ID: eb3fd32eb4a23ec234452eacef63ff6ae43b5d4cafe3d40ef5ada43a0b1292ec
                                            • Opcode Fuzzy Hash: f1f536a6f2a6af520e501bc44b8f85bf0ddf890d1d1d9cf08b3cb1e71b5a83b9
                                            • Instruction Fuzzy Hash: C3F055B1F05A208BD7B102115CB4AAA3720AF11702B98C1A7EC02E9308F72CCC818ADF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4e7a76b08c311a0456e80ac93ce77fd7f81d2607a6960046681a79c580d8619
                                            • Instruction ID: 30904cbb3f1f7f3b0e0d26bc88f3c04b36d29190e2af97f3209cc02610a4562d
                                            • Opcode Fuzzy Hash: b4e7a76b08c311a0456e80ac93ce77fd7f81d2607a6960046681a79c580d8619
                                            • Instruction Fuzzy Hash: 64C16C75A0120AEFDB14CFA4C894EAEB7B5FF48304F208599E909EB251D735ED42CB94
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Variant$ClearInitInitializeUninitialize
                                            • String ID:
                                            • API String ID: 1998397398-0
                                            • Opcode ID: 3983d4b5174a8f8509d461ca3e6607f8c9bae26427699d4236e4aa1a94cb39a0
                                            • Instruction ID: 35e2ece6c6adc5468c17c6a0e55e15e1f88f114d03215012f1905c35e75a5f7d
                                            • Opcode Fuzzy Hash: 3983d4b5174a8f8509d461ca3e6607f8c9bae26427699d4236e4aa1a94cb39a0
                                            • Instruction Fuzzy Hash: 4DA16E75204300AFCB10DF25C485A5ABBE5FF89719F04885EF94A9B362DB38ED41CB5A
                                            APIs
                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,004AFC08,?), ref: 004705F0
                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,004AFC08,?), ref: 00470608
                                            • CLSIDFromProgID.OLE32(?,?,00000000,004ACC40,000000FF,?,00000000,00000800,00000000,?,004AFC08,?), ref: 0047062D
                                            • _memcmp.LIBVCRUNTIME ref: 0047064E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FromProg$FreeTask_memcmp
                                            • String ID:
                                            • API String ID: 314563124-0
                                            • Opcode ID: 49d480c9e0232dd85253fb5e1a619da80e2ee7ae5ab4adc54cd0f5f3244fd1b8
                                            • Instruction ID: 6666d4d76a5eabef93e750efca45d4cb71ebea393a0ee7ec06c185f2e6e5e93f
                                            • Opcode Fuzzy Hash: 49d480c9e0232dd85253fb5e1a619da80e2ee7ae5ab4adc54cd0f5f3244fd1b8
                                            • Instruction Fuzzy Hash: CB813971A00109EFCB04DF94C984EEEB7B9FF89315F208159F506AB250DB75AE06CB64
                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0049A6AC
                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0049A6BA
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • Process32NextW.KERNEL32(00000000,?), ref: 0049A79C
                                            • CloseHandle.KERNEL32(00000000), ref: 0049A7AB
                                              • Part of subcall function 0042CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00453303,?), ref: 0042CE8A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                            • String ID:
                                            • API String ID: 1991900642-0
                                            • Opcode ID: 9e8d8b4824c00285c48d9d3d2250dab6933684c06a020ad0ec2661b0e89a1d23
                                            • Instruction ID: df926239ac5d77136032d197bdc39203963052ccd754074aa1f0b18be269c5cb
                                            • Opcode Fuzzy Hash: 9e8d8b4824c00285c48d9d3d2250dab6933684c06a020ad0ec2661b0e89a1d23
                                            • Instruction Fuzzy Hash: 0A518171508300AFC710EF25C886A5BBBF8FF89758F40492EF58597251EB34E944CB96
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 8d07611b345f147778ec4bee98ff6eab5d28410972cbdfc56c99cc14b695cf94
                                            • Instruction ID: 9b124a8551b40aada1c48fc126a7b84a76fc1153a0df3f8410306c87279c5abc
                                            • Opcode Fuzzy Hash: 8d07611b345f147778ec4bee98ff6eab5d28410972cbdfc56c99cc14b695cf94
                                            • Instruction Fuzzy Hash: 52414131900100A7EB256BBA8C45B6F3AA4EF47379F14126BFC14D62F3E67C48495269
                                            APIs
                                            • GetWindowRect.USER32(?,?), ref: 004A62E2
                                            • ScreenToClient.USER32(?,?), ref: 004A6315
                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 004A6382
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$ClientMoveRectScreen
                                            • String ID:
                                            • API String ID: 3880355969-0
                                            • Opcode ID: 4825c11e2167e88004f225f39307592f56ba0d89aacb7d7a96589b554e058f78
                                            • Instruction ID: 11bd6ad433e23e12338e730dfdeedd3a83641ac58d97fca0e4aa8655945ee193
                                            • Opcode Fuzzy Hash: 4825c11e2167e88004f225f39307592f56ba0d89aacb7d7a96589b554e058f78
                                            • Instruction Fuzzy Hash: 77515C75A00209EFCF10DF68D880AAE7BB5EB66360F15816AF8159B3A1D734ED81CB54
                                            APIs
                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00491AFD
                                            • WSAGetLastError.WSOCK32 ref: 00491B0B
                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00491B8A
                                            • WSAGetLastError.WSOCK32 ref: 00491B94
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast$socket
                                            • String ID:
                                            • API String ID: 1881357543-0
                                            • Opcode ID: 42d8a671c9e0dea82dfdaa88628f17149bc70e7fda7e18c5f1127a4de40f3cb9
                                            • Instruction ID: 5838e8bb0a7c4d6a5d4fc4d59643e5c8a4caa6b83900d64a435e38f72263d2ed
                                            • Opcode Fuzzy Hash: 42d8a671c9e0dea82dfdaa88628f17149bc70e7fda7e18c5f1127a4de40f3cb9
                                            • Instruction Fuzzy Hash: B041E334600201AFDB20AF25C886F667BE5AB44708F54C45DF91A8F3D3D77AED828B94
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 827480882dd9c1f8c197c620b9e981d251778628a1b402f35e200e47cb506d8b
                                            • Instruction ID: dd47dff0d69632b1fc069f2b275dbdf994a5d5a1e7ba879f1174c8a7cf57d6d5
                                            • Opcode Fuzzy Hash: 827480882dd9c1f8c197c620b9e981d251778628a1b402f35e200e47cb506d8b
                                            • Instruction Fuzzy Hash: 21411571A00704BFE7249F39CC42BAABBA9EB88714F10852FF555DB292D379E90187D4
                                            APIs
                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00485783
                                            • GetLastError.KERNEL32(?,00000000), ref: 004857A9
                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 004857CE
                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 004857FA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                            • String ID:
                                            • API String ID: 3321077145-0
                                            • Opcode ID: 5f0f4c100b1a50d0fc1f14d23f28f5df87dd9aa909db56d5ac9ec0e2c783b0c0
                                            • Instruction ID: 1e1c1169006bbf6b6143515db2d0c20cab159cc2f3de8a0992a1fa34eb0b59a9
                                            • Opcode Fuzzy Hash: 5f0f4c100b1a50d0fc1f14d23f28f5df87dd9aa909db56d5ac9ec0e2c783b0c0
                                            • Instruction Fuzzy Hash: 15414135600610DFCB11EF15C484A5EBBF2EF49318B18C89AE84A5B361CB38FD41CB95
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00436D71,00000000,00000000,004382D9,?,004382D9,?,00000001,00436D71,?,00000001,004382D9,004382D9), ref: 0044D910
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0044D999
                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0044D9AB
                                            • __freea.LIBCMT ref: 0044D9B4
                                              • Part of subcall function 00443820: RtlAllocateHeap.NTDLL(00000000,?,004E1444,?,0042FDF5,?,?,0041A976,00000010,004E1440,004113FC,?,004113C6,?,00411129), ref: 00443852
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                            • String ID:
                                            • API String ID: 2652629310-0
                                            • Opcode ID: db6fc114a5125d9c4aeb1be850741bfce174e58f50b987c98a5e3acc735e1d1d
                                            • Instruction ID: e8bde2569c75b5926976a0984e8d8c2a6f801f9ae542add750c0619c37f1fac0
                                            • Opcode Fuzzy Hash: db6fc114a5125d9c4aeb1be850741bfce174e58f50b987c98a5e3acc735e1d1d
                                            • Instruction Fuzzy Hash: 9231CDB2A0020AABEF249F65DC81EAF7BA5EF41710F05016AFC04D6290EB39CD50CB94
                                            APIs
                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 004A5352
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A5375
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004A5382
                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004A53A8
                                            Similarity
                                            • API ID: LongWindow$InvalidateMessageRectSend
                                            • String ID:
                                            • API String ID: 3340791633-0
                                            • Opcode ID: cac88b56cb4744f60406c7bb9657527409bd96b5b70ef398f1faf8076d212c98
                                            • Instruction ID: 5e8ae4d23a4f02b47f2ee34d72c6edb614801b4ce34adc7abb237c8f3a33946b
                                            • Opcode Fuzzy Hash: cac88b56cb4744f60406c7bb9657527409bd96b5b70ef398f1faf8076d212c98
                                            • Instruction Fuzzy Hash: F231E430A55A08FFEF309E14DE45BEA3761ABA6390F584113FE11962E1C7B89D40DB4A
                                            APIs
                                            • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0047ABF1
                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0047AC0D
                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0047AC74
                                            • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0047ACC6
                                            Similarity
                                            • API ID: KeyboardState$InputMessagePostSend
                                            • String ID:
                                            • API String ID: 432972143-0
                                            • Opcode ID: 2e85973924a3b6836fea5be79c1db061b3275b2a578a557089be282fa5378c83
                                            • Instruction ID: 9b7cd69b858423b3bd1728dbb7ac65d4c7f4aa9068d8a61e12e4371e9a0aec77
                                            • Opcode Fuzzy Hash: 2e85973924a3b6836fea5be79c1db061b3275b2a578a557089be282fa5378c83
                                            • Instruction Fuzzy Hash: E031F830A006187FEF36CB658809BFF7BA5ABC5310F04C21BE489522D1C37D89A5879B
                                            APIs
                                            • ClientToScreen.USER32(?,?), ref: 004A769A
                                            • GetWindowRect.USER32(?,?), ref: 004A7710
                                            • PtInRect.USER32(?,?,004A8B89), ref: 004A7720
                                            • MessageBeep.USER32(00000000), ref: 004A778C
                                            Similarity
                                            • API ID: Rect$BeepClientMessageScreenWindow
                                            • String ID:
                                            • API String ID: 1352109105-0
                                            • Opcode ID: ad9f01b04d0407ebe58d1bd6a8efa648627726e7214698e0dfb4ece4a22d255d
                                            • Instruction ID: 281c847e5ef4d4bb3d3a3a44e00c7075ba0e0596c4a0cda96c2079c6931409f3
                                            • Opcode Fuzzy Hash: ad9f01b04d0407ebe58d1bd6a8efa648627726e7214698e0dfb4ece4a22d255d
                                            • Instruction Fuzzy Hash: 0D419F78605254DFCB21CF58CC94EAA77F4BB5A314F1541AAE4149B362C738B941CF98
                                            APIs
                                            • GetForegroundWindow.USER32 ref: 004A16EB
                                              • Part of subcall function 00473A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00473A57
                                              • Part of subcall function 00473A3D: GetCurrentThreadId.KERNEL32 ref: 00473A5E
                                              • Part of subcall function 00473A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004725B3), ref: 00473A65
                                            • GetCaretPos.USER32(?), ref: 004A16FF
                                            • ClientToScreen.USER32(00000000,?), ref: 004A174C
                                            • GetForegroundWindow.USER32 ref: 004A1752
                                            Similarity
                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                            • String ID:
                                            • API String ID: 2759813231-0
                                            • Opcode ID: c1dc95facfe6ee1440833f223fb5cfa58ea6465fa3fc6fbec1d51d8f98b5bfc7
                                            • Instruction ID: 7f96c364aa62962e8546d8dc61a75a9c9848e96c4e7ba32d5638bef45d9228bd
                                            • Opcode Fuzzy Hash: c1dc95facfe6ee1440833f223fb5cfa58ea6465fa3fc6fbec1d51d8f98b5bfc7
                                            • Instruction Fuzzy Hash: 73313D75D00249AFC700EFAAC8C18EEBBF9EF49308B5080AAE415E7251D635DE45CBA4
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • GetCursorPos.USER32(?), ref: 004A9001
                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00467711,?,?,?,?,?), ref: 004A9016
                                            • GetCursorPos.USER32(?), ref: 004A905E
                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00467711,?,?,?), ref: 004A9094
                                            Similarity
                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                            • String ID:
                                            • API String ID: 2864067406-0
                                            • Opcode ID: 92e249b46de13416d1d93ccc39a885b4193c78241ceac73206379186a51af7de
                                            • Instruction ID: 935d4800c79c01b11d80747103308528a3e2cbb5f504a3cd88e748a6b9cab65d
                                            • Opcode Fuzzy Hash: 92e249b46de13416d1d93ccc39a885b4193c78241ceac73206379186a51af7de
                                            • Instruction Fuzzy Hash: 4B219F35604018FFCB258F94D898EEB7BB9EB4A390F14806AF9054B262C3399D90DB64
                                            APIs
                                            • GetFileAttributesW.KERNEL32(?,004ACB68), ref: 0047D2FB
                                            • GetLastError.KERNEL32 ref: 0047D30A
                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0047D319
                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,004ACB68), ref: 0047D376
                                            Similarity
                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                            • String ID:
                                            • API String ID: 2267087916-0
                                            • Opcode ID: 2cbf998efb7b84d7c9b93faf74577725f69a0ba50cd196103bfbaaf45d0c1633
                                            • Instruction ID: a93264fde7d96f01c7be7b17843a0f24cf62a776a4c71e9b68568ef6115461f8
                                            • Opcode Fuzzy Hash: 2cbf998efb7b84d7c9b93faf74577725f69a0ba50cd196103bfbaaf45d0c1633
                                            • Instruction Fuzzy Hash: E72194709142019F8700DF24C8814EB77F4AE56368F108A1FF899C72A1DB35DD46CB9B
                                            APIs
                                              • Part of subcall function 00471014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0047102A
                                              • Part of subcall function 00471014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00471036
                                              • Part of subcall function 00471014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00471045
                                              • Part of subcall function 00471014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0047104C
                                              • Part of subcall function 00471014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00471062
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 004715BE
                                            • _memcmp.LIBVCRUNTIME ref: 004715E1
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00471617
                                            • HeapFree.KERNEL32(00000000), ref: 0047161E
                                            Similarity
                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                            • String ID:
                                            • API String ID: 1592001646-0
                                            • Opcode ID: 67ddbd88e4e5af09870c64dc9d6605923ecca63a1c17edca9303cd8587e4c3c5
                                            • Instruction ID: d9dfff3dabab45ceb8714f1668bca5812e270d89e350ba0174a533abbe99d602
                                            • Opcode Fuzzy Hash: 67ddbd88e4e5af09870c64dc9d6605923ecca63a1c17edca9303cd8587e4c3c5
                                            • Instruction Fuzzy Hash: 2921AE71E00108EFDF04DFA8C944BEFB7B8EF45344F18845AE445AB250E734AA04DB94
                                            APIs
                                            • GetWindowLongW.USER32(?,000000EC), ref: 004A280A
                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004A2824
                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004A2832
                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 004A2840
                                            Similarity
                                            • API ID: Window$Long$AttributesLayered
                                            • String ID:
                                            • API String ID: 2169480361-0
                                            • Opcode ID: dcb0d5f4f394f52609b3c722c7e2f4a3a52b9a94eaec35136a340e08ae2d89c5
                                            • Instruction ID: db56252bdc6e01d2df789c08ab52efa053a809606eb9348d55a1efcbf3e682fd
                                            • Opcode Fuzzy Hash: dcb0d5f4f394f52609b3c722c7e2f4a3a52b9a94eaec35136a340e08ae2d89c5
                                            • Instruction Fuzzy Hash: 6A212735204510BFD7149B18C944FAA7B95EF56328F14421EF4268B2D2C7B9FC82C7D4
                                            APIs
                                              • Part of subcall function 00478D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0047790A,?,000000FF,?,00478754,00000000,?,0000001C,?,?), ref: 00478D8C
                                              • Part of subcall function 00478D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00478DB2
                                              • Part of subcall function 00478D7D: lstrcmpiW.KERNEL32(00000000,?,0047790A,?,000000FF,?,00478754,00000000,?,0000001C,?,?), ref: 00478DE3
                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00478754,00000000,?,0000001C,?,?,00000000), ref: 00477923
                                            • lstrcpyW.KERNEL32(00000000,?), ref: 00477949
                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00478754,00000000,?,0000001C,?,?,00000000), ref: 00477984
                                            Strings
                                            Similarity
                                            • API ID: lstrcmpilstrcpylstrlen
                                            • String ID: cdecl
                                            • API String ID: 4031866154-3896280584
                                            • Opcode ID: eec3c1369b2eaa1cdcf15c873701770248133f00f6e00a2638632d0b5a6c38bb
                                            • Instruction ID: f817beb4e83c21496eaef826c97270e96265de037aa7a0ba54ec5e5f834742d1
                                            • Opcode Fuzzy Hash: eec3c1369b2eaa1cdcf15c873701770248133f00f6e00a2638632d0b5a6c38bb
                                            • Instruction Fuzzy Hash: 961106BA201201ABDB259F35D844EBB77A9FF95354B90802FF90AC7364EB359801C799
                                            APIs
                                            • GetWindowLongW.USER32(?,000000F0), ref: 004A7D0B
                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 004A7D2A
                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 004A7D42
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0048B7AD,00000000), ref: 004A7D6B
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            Similarity
                                            • API ID: Window$Long
                                            • String ID:
                                            • API String ID: 847901565-0
                                            • Opcode ID: 4d116b3a2b0ef00409dc8062ed860a11a21c4d6f944aa111f0220a360637a86c
                                            • Instruction ID: 2ff3fdd6f282687191af6c6a1e9b2827e79318cc6051e5ebe701b8a412397121
                                            • Opcode Fuzzy Hash: 4d116b3a2b0ef00409dc8062ed860a11a21c4d6f944aa111f0220a360637a86c
                                            • Instruction Fuzzy Hash: 2711D271604664AFCB209F28CC44EAA3BA4BF46360B154325F835CB2F0D7349D11CB48
                                            APIs
                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 004A56BB
                                            • _wcslen.LIBCMT ref: 004A56CD
                                            • _wcslen.LIBCMT ref: 004A56D8
                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 004A5816
                                            Similarity
                                            • API ID: MessageSend_wcslen
                                            • String ID:
                                            • API String ID: 455545452-0
                                            • Opcode ID: 40fbca56e91c3880ad024139c5cd30f0f34810fba1066e50c22e1c13d253272d
                                            • Instruction ID: 93121e1a561321c9f23ce53c36f06316e67adc567e77f579c6c7e89628b9b1c7
                                            • Opcode Fuzzy Hash: 40fbca56e91c3880ad024139c5cd30f0f34810fba1066e50c22e1c13d253272d
                                            • Instruction Fuzzy Hash: 8111E47160060496DB20DF618D81AEF377CBF26364F10402BF905D6181EB789984CB69
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 693c1b9348d53e0b407e5a73963cad68b971c5e093a46b6d6118ecbda7eda00f
                                            • Instruction ID: 9c390f9af195b6f70818d3e09ce3d1c66d0ad593979d0d7e4b33f55b196544e3
                                            • Opcode Fuzzy Hash: 693c1b9348d53e0b407e5a73963cad68b971c5e093a46b6d6118ecbda7eda00f
                                            • Instruction Fuzzy Hash: C101A2F2B056163EF62116796CC0F27661DDF423B8B34032BF531512E2DB78AC814178
                                            APIs
                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00471A47
                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00471A59
                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00471A6F
                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00471A8A
                                            Similarity
                                            • API ID: MessageSend
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 0047E1FD
                                            • MessageBoxW.USER32(?,?,?,?), ref: 0047E230
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0047E246
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0047E24D
                                            Similarity
                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                            APIs
                                            • CreateThread.KERNEL32(00000000,?,0043CFF9,00000000,00000004,00000000), ref: 0043D218
                                            • GetLastError.KERNEL32 ref: 0043D224
                                            • __dosmaperr.LIBCMT ref: 0043D22B
                                            • ResumeThread.KERNEL32(00000000), ref: 0043D249
                                            Similarity
                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                            APIs
                                              • Part of subcall function 00429BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00429BB2
                                            • GetClientRect.USER32(?,?), ref: 004A9F31
                                            • GetCursorPos.USER32(?), ref: 004A9F3B
                                            • ScreenToClient.USER32(?,?), ref: 004A9F46
                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 004A9F7A
                                            Similarity
                                            • API ID: Client$CursorLongProcRectScreenWindow
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0041604C
                                            • GetStockObject.GDI32(00000011), ref: 00416060
                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0041606A
                                            Similarity
                                            • API ID: CreateMessageObjectSendStockWindow
                                            APIs
                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00433B56
                                              • Part of subcall function 00433AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00433AD2
                                              • Part of subcall function 00433AA3: ___AdjustPointer.LIBCMT ref: 00433AED
                                            • _UnwindNestedFrames.LIBCMT ref: 00433B6B
                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00433B7C
                                            • CallCatchBlock.LIBVCRUNTIME ref: 00433BA4
                                            Similarity
                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,004113C6,00000000,00000000,?,0044301A,004113C6,00000000,00000000,00000000,?,0044328B,00000006,FlsSetValue), ref: 004430A5
                                            • GetLastError.KERNEL32(?,0044301A,004113C6,00000000,00000000,00000000,?,0044328B,00000006,FlsSetValue,004B2290,FlsSetValue,00000000,00000364,?,00442E46), ref: 004430B1
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0044301A,004113C6,00000000,00000000,00000000,?,0044328B,00000006,FlsSetValue,004B2290,FlsSetValue,00000000), ref: 004430BF
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            APIs
                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0047747F
                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00477497
                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 004774AC
                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 004774CA
                                            Similarity
                                            • API ID: Type$Register$FileLoadModuleNameUser
                                            APIs
                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0047ACD3,?,00008000), ref: 0047B0C4
                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0047ACD3,?,00008000), ref: 0047B0E9
                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0047ACD3,?,00008000), ref: 0047B0F3
                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0047ACD3,?,00008000), ref: 0047B126
                                            Similarity
                                            • API ID: CounterPerformanceQuerySleep
                                            APIs
                                            • GetWindowRect.USER32(?,?), ref: 004A7E33
                                            • ScreenToClient.USER32(?,?), ref: 004A7E4B
                                            • ScreenToClient.USER32(?,?), ref: 004A7E6F
                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004A7E8A
                                            Similarity
                                            • API ID: ClientRectScreen$InvalidateWindow
                                            APIs
                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00472DC5
                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00472DD6
                                            • GetCurrentThreadId.KERNEL32 ref: 00472DDD
                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00472DE4
                                            Similarity
                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                            APIs
                                              • Part of subcall function 00429639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00429693
                                              • Part of subcall function 00429639: SelectObject.GDI32(?,00000000), ref: 004296A2
                                              • Part of subcall function 00429639: BeginPath.GDI32(?), ref: 004296B9
                                              • Part of subcall function 00429639: SelectObject.GDI32(?,00000000), ref: 004296E2
                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 004A8887
                                            • LineTo.GDI32(?,?,?), ref: 004A8894
                                            • EndPath.GDI32(?), ref: 004A88A4
                                            • StrokePath.GDI32(?), ref: 004A88B2
                                            Similarity
                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                            APIs
                                            • GetSysColor.USER32(00000008), ref: 004298CC
                                            • SetTextColor.GDI32(?,?), ref: 004298D6
                                            • SetBkMode.GDI32(?,00000001), ref: 004298E9
                                            • GetStockObject.GDI32(00000005), ref: 004298F1
                                            Similarity
                                            • API ID: Color$ModeObjectStockText
                                            APIs
                                            • GetCurrentThread.KERNEL32 ref: 00471634
                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,004711D9), ref: 0047163B
                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004711D9), ref: 00471648
                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,004711D9), ref: 0047164F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CurrentOpenProcessThreadToken
                                            • String ID:
                                            • API String ID: 3974789173-0
                                            • Opcode ID: 3455ba413995880fce21473448f674a75f37527053fdd77434d96a189192f8ac
                                            • Instruction ID: fc1552233b3613aa2d6fdab28cc4cfd17764255a119102564ca2bce572a92ddd
                                            • Opcode Fuzzy Hash: 3455ba413995880fce21473448f674a75f37527053fdd77434d96a189192f8ac
                                            • Instruction Fuzzy Hash: E9E08632601211DBD7601FE49D4DBC73F7CAF56791F148829F646D9090D6384540C798
                                            APIs
                                            • GetDesktopWindow.USER32 ref: 0046D858
                                            • GetDC.USER32(00000000), ref: 0046D862
                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0046D882
                                            • ReleaseDC.USER32(?), ref: 0046D8A3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CapsDesktopDeviceReleaseWindow
                                            • String ID:
                                            • API String ID: 2889604237-0
                                            • Opcode ID: 206cc2fc030c076f2b7c3619b743b9ddd9b82a3a9a72c99e9cdd2e31203dea83
                                            • Instruction ID: 5cd352858558942da78eaa85d93ec0daa9dc37f8ad9d541f3266bd3bf05a2fe0
                                            • Opcode Fuzzy Hash: 206cc2fc030c076f2b7c3619b743b9ddd9b82a3a9a72c99e9cdd2e31203dea83
                                            • Instruction Fuzzy Hash: A9E01270D00204DFCB819FA1D84C6ADBFB1FB09310F108019E806E7350C73885429F49
                                            APIs
                                            • GetDesktopWindow.USER32 ref: 0046D86C
                                            • GetDC.USER32(00000000), ref: 0046D876
                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0046D882
                                            • ReleaseDC.USER32(?), ref: 0046D8A3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CapsDesktopDeviceReleaseWindow
                                            • String ID:
                                            • API String ID: 2889604237-0
                                            • Opcode ID: c0d85b0cddf737debb096954d77e914dde948dd14f08f53024f61bdc02d8737b
                                            • Instruction ID: 825e38040d51ddbf8777e13db2eadb6bd739364f02a09a82e73b8fb59e16a5ab
                                            • Opcode Fuzzy Hash: c0d85b0cddf737debb096954d77e914dde948dd14f08f53024f61bdc02d8737b
                                            • Instruction Fuzzy Hash: 04E01A70C00204DFCB819FA0D8886ADBFB1BB08310B108019E80AE7350CB3899029F48
                                            APIs
                                              • Part of subcall function 00417620: _wcslen.LIBCMT ref: 00417625
                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00484ED4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Connection_wcslen
                                            • String ID: *$LPT
                                            • API String ID: 1725874428-3443410124
                                            • Opcode ID: 1175b07ce2bf35db666979e3d756da1145977b5aeccc0d2800b57875def878c7
                                            • Instruction ID: 1d94090c200c6dc0b7fed4ee2d11222909032772910f6fb92928970a3701b455
                                            • Opcode Fuzzy Hash: 1175b07ce2bf35db666979e3d756da1145977b5aeccc0d2800b57875def878c7
                                            • Instruction Fuzzy Hash: 46916075A002059FCB14EF58C484EAEBBF1AF84308F15849EE90A9F352D739ED85CB95
                                            APIs
                                            • __startOneArgErrorHandling.LIBCMT ref: 0043E30D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ErrorHandling__start
                                            • String ID: pow
                                            • API String ID: 3213639722-2276729525
                                            • Opcode ID: c541477f9eae421b223ac337b0553308c7fd5bd5869586c5af4cc5cd1a3c9164
                                            • Instruction ID: c04d28ee5ea6f7961f791f7f5e75919c2dd3efe30ca746397c05a6efdeb3ef80
                                            • Opcode Fuzzy Hash: c541477f9eae421b223ac337b0553308c7fd5bd5869586c5af4cc5cd1a3c9164
                                            • Instruction Fuzzy Hash: 0B518D61E1D10297EB117726C9413BB3B94EB14740F309AABE495423E9DB3C8C839A4E
                                            APIs
                                            • CharUpperBuffW.USER32(0046569E,00000000,?,004ACC08,?,00000000,00000000), ref: 004978DD
                                              • Part of subcall function 00416B57: _wcslen.LIBCMT ref: 00416B6A
                                            • CharUpperBuffW.USER32(0046569E,00000000,?,004ACC08,00000000,?,00000000,00000000), ref: 0049783B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: BuffCharUpper$_wcslen
                                            • String ID: <sM
                                            • API String ID: 3544283678-3729773310
                                            • Opcode ID: c9ec2634dcae80c5a6fd22dc74de26056d83201dc8332cc580ec1cd9ad2a11ea
                                            • Instruction ID: c92a08bf669e093a4a5771680f773d93d8dc16ad8186d56231a0307501107d1c
                                            • Opcode Fuzzy Hash: c9ec2634dcae80c5a6fd22dc74de26056d83201dc8332cc580ec1cd9ad2a11ea
                                            • Instruction Fuzzy Hash: A2615D72924118AACF04FBA5CC91DFEB774FF14704B54412BE542A3191EF38AA85CBA9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #
                                            • API String ID: 0-1885708031
                                            • Opcode ID: 49aebef3dcc2cd57a60b8b02a18426e1ef4311093efaf2207705df9fb1dd40ec
                                            • Instruction ID: d1494864bbdaf89f30e31f60b50c8359592faf2ee6d2f9fca1b07af47b4668a6
                                            • Opcode Fuzzy Hash: 49aebef3dcc2cd57a60b8b02a18426e1ef4311093efaf2207705df9fb1dd40ec
                                            • Instruction Fuzzy Hash: BC511339600256DFDB14DF2AD0816FA7BA4EF15310F64405BE8929B390E6389D43CBAA
                                            APIs
                                            • Sleep.KERNEL32(00000000), ref: 0042F2A2
                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0042F2BB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: GlobalMemorySleepStatus
                                            • String ID: @
                                            • API String ID: 2783356886-2766056989
                                            • Opcode ID: dc8d2e6aadaa68db752db86bd477804e8a53291406bff81c9315c621c7055a8e
                                            • Instruction ID: 5de2cd8dd683cedd83241b537659f01411918906c5e7ea9c5befa9025096f3bb
                                            • Opcode Fuzzy Hash: dc8d2e6aadaa68db752db86bd477804e8a53291406bff81c9315c621c7055a8e
                                            • Instruction Fuzzy Hash: A95146714087449BD320AF11DC86BAFBBF8FF85304F81885EF1D9421A5EB348569CB6A
                                            APIs
                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 004957E0
                                            • _wcslen.LIBCMT ref: 004957EC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: BuffCharUpper_wcslen
                                            • String ID: CALLARGARRAY
                                            • API String ID: 157775604-1150593374
                                            • Opcode ID: 38ab726e50b65e24aedfe1b2afc111f53c3718e96370b089cb0f54b69633b305
                                            • Instruction ID: fecf3f0de0c00c7a87670555f7d7806ca9bdb838620be0d1e54a475a5b7f74bc
                                            • Opcode Fuzzy Hash: 38ab726e50b65e24aedfe1b2afc111f53c3718e96370b089cb0f54b69633b305
                                            • Instruction Fuzzy Hash: 5A41B131A001059FCF04EFAAC8818EEBBB5EF59324F20806EE505A7351D7389D81CB98
                                            APIs
                                            • _wcslen.LIBCMT ref: 0048D130
                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0048D13A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: CrackInternet_wcslen
                                            • String ID: |
                                            • API String ID: 596671847-2343686810
                                            • Opcode ID: 0f42ad192cde520660dceabc2e82da7ebe21aa6c3c6d06947fb414a29ed9cbbe
                                            • Instruction ID: 4ec16e2f8a02741809843c60be763da7acbd863f6feddf6464bfc120ed63ca6c
                                            • Opcode Fuzzy Hash: 0f42ad192cde520660dceabc2e82da7ebe21aa6c3c6d06947fb414a29ed9cbbe
                                            • Instruction Fuzzy Hash: 7C315D71D01209ABCF15EFA5CC85AEF7FB9FF08304F00001AF815A6261DB39AA56CB58
                                            APIs
                                            • DestroyWindow.USER32(?,?,?,?), ref: 004A3621
                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 004A365C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$DestroyMove
                                            • String ID: static
                                            • API String ID: 2139405536-2160076837
                                            • Opcode ID: 1f71df5a5a77e6e7771f92438353676df90a110b90d831d3826a04c599156710
                                            • Instruction ID: 8937a241c43aba85c805cb7b0db8d41b42f9b532453bcbb288420416fe032ca8
                                            • Opcode Fuzzy Hash: 1f71df5a5a77e6e7771f92438353676df90a110b90d831d3826a04c599156710
                                            • Instruction Fuzzy Hash: 7D319071500204AEDB20DF68DC80EFB73A9FF59724F10861EF8A597290DA39ED81D768
                                            APIs
                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 004A461F
                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 004A4634
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: '
                                            • API String ID: 3850602802-1997036262
                                            • Opcode ID: f25b8ee910870c299010f727b1a0761f46c2517f703832a08c5d93b4dc2b909a
                                            • Instruction ID: 278866432a75f6133ca306e8ddf808b26519ac4dd7dbd476b3541e700e7534b6
                                            • Opcode Fuzzy Hash: f25b8ee910870c299010f727b1a0761f46c2517f703832a08c5d93b4dc2b909a
                                            • Instruction Fuzzy Hash: 39311B74E01209AFDB14CF69C990BDE7BB5FF9A300F14406AEA059B391D7B4A941CF94
                                            APIs
                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 004A327C
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004A3287
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: Combobox
                                            • API String ID: 3850602802-2096851135
                                            • Opcode ID: b1d59199b9493c6c8e63c270eb6c027d4a14f9ca47bf8893780fb42ba3ea9825
                                            • Instruction ID: 54686100568eec7a8c935302bead1e7db38eb0012482e362aaae7e6dfa3c28c5
                                            • Opcode Fuzzy Hash: b1d59199b9493c6c8e63c270eb6c027d4a14f9ca47bf8893780fb42ba3ea9825
                                            • Instruction Fuzzy Hash: EF1193722002086FEF119E94DC81FAB3B5AEB663A5F10416AF9149B290E6399D518764
                                            APIs
                                              • Part of subcall function 0041600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0041604C
                                              • Part of subcall function 0041600E: GetStockObject.GDI32(00000011), ref: 00416060
                                              • Part of subcall function 0041600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0041606A
                                            • GetWindowRect.USER32(00000000,?), ref: 004A377A
                                            • GetSysColor.USER32(00000012), ref: 004A3794
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                            • String ID: static
                                            • API String ID: 1983116058-2160076837
                                            • Opcode ID: e85d33f2f1c8c52e90ed52269ce52bcf9719eb891b3c35dd2b9530ef3ea4f1b7
                                            • Instruction ID: bdd8f7fc03df8967f961e44d2b56473a3d04c898315fbc28adba98d6e1c52ab1
                                            • Opcode Fuzzy Hash: e85d33f2f1c8c52e90ed52269ce52bcf9719eb891b3c35dd2b9530ef3ea4f1b7
                                            • Instruction Fuzzy Hash: D3116AB6610209AFDF00DFA8CC45EFA7BF8FB19304F004529F955E2250E739E8519B64
                                            APIs
                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0048CD7D
                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0048CDA6
                                            Strings
                                            Similarity
                                            • API ID: Internet$OpenOption
                                            • String ID: <local>
                                            • API String ID: 942729171-4266983199
                                            • Opcode ID: 4afbfe6e8ee70762d17c05ffac33ec09628ccfd59cf3e82305d0ced5c9b477a6
                                            • Instruction ID: 19456566e32879ac0b5af74dc50621a8bdbcddc167b6e4dcd556ac2dc9d8c7df
                                            • Opcode Fuzzy Hash: 4afbfe6e8ee70762d17c05ffac33ec09628ccfd59cf3e82305d0ced5c9b477a6
                                            • Instruction Fuzzy Hash: 7A11E3712416327AD7246B668CC4EEBBEE8EB127A4F004637B10983180D7789841D7F4
                                            APIs
                                            • GetWindowTextLengthW.USER32(00000000), ref: 004A34AB
                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004A34BA
                                            Strings
                                            Similarity
                                            • API ID: LengthMessageSendTextWindow
                                            • String ID: edit
                                            • API String ID: 2978978980-2167791130
                                            • Opcode ID: 4e3cd975b0a13c5e1b44f130cbb2c8e140051d1bd924939cc63ceb11bdba65cd
                                            • Instruction ID: a6e0907f39db4a5a7b6c3bb6136229ef838c7ab2d80f2b8e05752251d133655b
                                            • Opcode Fuzzy Hash: 4e3cd975b0a13c5e1b44f130cbb2c8e140051d1bd924939cc63ceb11bdba65cd
                                            • Instruction Fuzzy Hash: 9611C471100104AFEB118E64DC80EFB3B69EF2A379F504325F960972D0D739DC519B58
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            • CharUpperBuffW.USER32(?,?,?), ref: 00476CB6
                                            • _wcslen.LIBCMT ref: 00476CC2
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$BuffCharUpper
                                            • String ID: STOP
                                            • API String ID: 1256254125-2411985666
                                            • Opcode ID: 28679206a62af0a6341246020714314981fdf7c4775266c18473adb34a187ebb
                                            • Instruction ID: fe879a97793a3b7b280228da589abbb9b2d4c344b4264b584bd2dda403f9af9e
                                            • Opcode Fuzzy Hash: 28679206a62af0a6341246020714314981fdf7c4775266c18473adb34a187ebb
                                            • Instruction Fuzzy Hash: 660148326109268ACB219FBDDC809FF33A6EA60314702492AE85692280EB39D940C648
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 00473CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00473CCA
                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00471D4C
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: 754bd2daca0ae118a86f4789fe8cf7d4a8e1b534b7b5685d598d8ad6ccd6b750
                                            • Instruction ID: 914823559c697b7bf5af6e385ce19973813a0a27070786d89d12d907195b4341
                                            • Opcode Fuzzy Hash: 754bd2daca0ae118a86f4789fe8cf7d4a8e1b534b7b5685d598d8ad6ccd6b750
                                            • Instruction Fuzzy Hash: E2012831600214ABCB24EFA8CC61DFF7368EB02394B10451FF866573D1EE3869088AA8
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 00473CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00473CCA
                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00471C46
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: 4c5d420a037254e331186d5a6b6747f452be9085ff02c8fc159ab0cf92dde320
                                            • Instruction ID: 11eca5a5cf8bca3fd7a44a9eab4ff858f99e890d3ed6015f3b0095c26d1f9fdd
                                            • Opcode Fuzzy Hash: 4c5d420a037254e331186d5a6b6747f452be9085ff02c8fc159ab0cf92dde320
                                            • Instruction Fuzzy Hash: 5A01FC717801046ECB15EBD4C962AFF77A89B11380F20001FE90B772D1EE289E08D6BD
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 00473CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00473CCA
                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00471CC8
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: 78fc446232209b0b3c7e05bd25b074cdb5fa567e49b447faa858cc3da8dc3a8a
                                            • Instruction ID: 2ac1804088f680de8ca56071237e32e4dc760bc0a5e2c22bd6785422de5ffd33
                                            • Opcode Fuzzy Hash: 78fc446232209b0b3c7e05bd25b074cdb5fa567e49b447faa858cc3da8dc3a8a
                                            • Instruction Fuzzy Hash: ED01DB717801146BCB15EBD5CA12AFF77A89B11384F14401BB84673391EA289F08D6BD
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 0042A529
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                            Strings
                                            Similarity
                                            • API ID: Init_thread_footer_wcslen
                                            • String ID: ,%N$3yF
                                            • API String ID: 2551934079-1307360129
                                            • Opcode ID: 7b2f2f27f5562ce8b3f0f84e7b84a4e513193e90cb91a220e176ecfec074d2a4
                                            • Instruction ID: 418cc78926548de2aaadc308080e2dde2569313f4241651e4a3aa4fbcfa0507b
                                            • Opcode Fuzzy Hash: 7b2f2f27f5562ce8b3f0f84e7b84a4e513193e90cb91a220e176ecfec074d2a4
                                            • Instruction Fuzzy Hash: 8B014C3270012067C500F769F967A9E73649B09715F90006FFD025B2C3DE9CAD818A8F
                                            APIs
                                              • Part of subcall function 00419CB3: _wcslen.LIBCMT ref: 00419CBD
                                              • Part of subcall function 00473CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00473CCA
                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00471DD3
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: d89a502856e5c39345818e1652a6763f8d1621af43f45de5698e166956a836ad
                                            • Instruction ID: 2df90902ee7775ed1b6f2547434549fadf35ecf2c0f6341087b614a88b0ce741
                                            • Opcode Fuzzy Hash: d89a502856e5c39345818e1652a6763f8d1621af43f45de5698e166956a836ad
                                            • Instruction Fuzzy Hash: 09F0FE71B5021466C714F7A5CC62BFF7768AB01344F04091BF866632D1DE786D08866C
                                            APIs
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00430668
                                              • Part of subcall function 004332A4: RaiseException.KERNEL32(?,?,?,0043068A,?,004E1444,?,?,?,?,?,?,0043068A,00411129,004D8738,00411129), ref: 00433304
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00430685
                                            Strings
                                            Similarity
                                            • API ID: Exception@8Throw$ExceptionRaise
                                            • String ID: Unknown exception
                                            • API String ID: 3476068407-410509341
                                            • Opcode ID: b78c977deb9c4c786a2f3be18881a6f46ee4f886239b74d998b4640a139e978e
                                            • Instruction ID: 8a9ef89cd59e2d12a381263514402eb75b796a092c879378687861d6288dc8f0
                                            • Opcode Fuzzy Hash: b78c977deb9c4c786a2f3be18881a6f46ee4f886239b74d998b4640a139e978e
                                            • Instruction Fuzzy Hash: CBF0283090020C73CB00FAA6E856D9F777C5E04314FA0423BB814D16D5EF78DA59C58C
                                            APIs
                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,004E3018,004E305C), ref: 004A81BF
                                            • CloseHandle.KERNEL32 ref: 004A81D1
                                            Strings
                                            Similarity
                                            • API ID: CloseCreateHandleProcess
                                            • String ID: \0N
                                            • API String ID: 3712363035-3569702050
                                            • Opcode ID: 60acf8a30cfbb372649baab865151f6d3e172417c6cf7604e4b4697a06d41dfd
                                            • Instruction ID: ac006691daa3690efdf5ddb45997eb7ada6350a0a05ec75d14e756c896bc5d97
                                            • Opcode Fuzzy Hash: 60acf8a30cfbb372649baab865151f6d3e172417c6cf7604e4b4697a06d41dfd
                                            • Instruction Fuzzy Hash: 3DF054B1640340BAE6616F616C89FB73A5CDB05756F004475BF08DA1A3D6798E0083BC
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: 3, 3, 16, 1
                                            • API String ID: 176396367-3042988571
                                            • Opcode ID: 1cde1e7e7372e767e44e90f64e3df7da0352d4813d922a60028896fabef41036
                                            • Instruction ID: 90c704d3f70c523181b90308de5ed625ea18abe4a02a594f8ea51ce15fdf8812
                                            • Opcode Fuzzy Hash: 1cde1e7e7372e767e44e90f64e3df7da0352d4813d922a60028896fabef41036
                                            • Instruction Fuzzy Hash: 1EE02B42224220149731127B9CC1BBF5F89CFCD7A0B14283FF985C2367EA9C9D9193A8
                                            APIs
                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00470B23
                                            Strings
                                            Similarity
                                            • API ID: Message
                                            • String ID: AutoIt$Error allocating memory.
                                            • API String ID: 2030045667-4017498283
                                            • Opcode ID: e6907a930585c176790c8c6eba74d7f8bbb18a0ddd39ab7c9c7afaa1c90580a6
                                            • Instruction ID: a42289d3ac2214fb02ac44b21cf6d6b90d49e3f233e2d72406c7fd7d07a05a55
                                            • Opcode Fuzzy Hash: e6907a930585c176790c8c6eba74d7f8bbb18a0ddd39ab7c9c7afaa1c90580a6
                                            • Instruction Fuzzy Hash: A9E0D83134431826D21037957C43FCA7A848F06B24F60447FF758555C38FE9649046ED
                                            APIs
                                              • Part of subcall function 0042F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00430D71,?,?,?,0041100A), ref: 0042F7CE
                                            • IsDebuggerPresent.KERNEL32(?,?,?,0041100A), ref: 00430D75
                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0041100A), ref: 00430D84
                                            Strings
                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00430D7F
                                            Similarity
                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                            • API String ID: 55579361-631824599
                                            • Opcode ID: 2c39a0950ae133ec544b63240841dce21304ca243dc62553b66265d6e6fb363c
                                            • Instruction ID: fed07d5464822113cbf13297c14df28a0f1cf339b4b02f850a8d5e0c6761e53d
                                            • Opcode Fuzzy Hash: 2c39a0950ae133ec544b63240841dce21304ca243dc62553b66265d6e6fb363c
                                            • Instruction Fuzzy Hash: 7FE06D702003518BD3709FB9E4543867BE0AF19744F008A7EE486C6651DBB8E4888B99
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 0042E3D5
                                            Strings
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: 0%N$8%N
                                            • API String ID: 1385522511-4178720944
                                            • Opcode ID: 1a65213d45a7382c7eb62b61db8cafba2428eeae527ef17dadff786e3ed0ca5f
                                            • Instruction ID: fe2658506b5da9ddbca61f73aa50c2cbb097b142b5be2b8b4e8245d42afc07b8
                                            • Opcode Fuzzy Hash: 1a65213d45a7382c7eb62b61db8cafba2428eeae527ef17dadff786e3ed0ca5f
                                            • Instruction Fuzzy Hash: 50E02031500A74DBC604D71BB7A4AAF3359AB09325BD012BFE401CB2D6DBFC5841874D
                                            APIs
                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0048302F
                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00483044
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: Temp$FileNamePath
                                            • String ID: aut
                                            • API String ID: 3285503233-3010740371
                                            • Opcode ID: 11c526f36e3c188cb80f89da331bfd841544ce71cd9543a0fd7ae46f3d6a4e90
                                            • Instruction ID: acc32a86bd11759125ece02d5ff1fd36f6b75eef3aca50bf20289742e6806fbc
                                            • Opcode Fuzzy Hash: 11c526f36e3c188cb80f89da331bfd841544ce71cd9543a0fd7ae46f3d6a4e90
                                            • Instruction Fuzzy Hash: 0FD05E7290032867DA60A7A4AD4EFCB3F6CDB06750F0002A2B696E2191DAB49984CAD4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: LocalTime
                                            • String ID: %.3d$X64
                                            • API String ID: 481472006-1077770165
                                            • Opcode ID: 81253f641a5f5a98bce394ca3813c4d588d245ec96745857b2e480dcbb16bba2
                                            • Instruction ID: b52bc46e5dbfe121733fdbbb5c8bc0e645825aa0327b4366d18fcb6b8ed470db
                                            • Opcode Fuzzy Hash: 81253f641a5f5a98bce394ca3813c4d588d245ec96745857b2e480dcbb16bba2
                                            • Instruction Fuzzy Hash: 1FD012A1E08118E9CB9096D0DC559B9B77CAB09301FA084A3F80691040F72CD50AA76B
                                            APIs
                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004A236C
                                            • PostMessageW.USER32(00000000), ref: 004A2373
                                              • Part of subcall function 0047E97B: Sleep.KERNEL32 ref: 0047E9F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FindMessagePostSleepWindow
                                            • String ID: Shell_TrayWnd
                                            • API String ID: 529655941-2988720461
                                            • Opcode ID: ef623e423fce3f4c13e426aeadd1932239369e4a202ec3da9f49cd73249a9671
                                            • Instruction ID: ac2c67cecc9d447b77a96a90aaa07736c04624373e17cb5b240df6172f4988f3
                                            • Opcode Fuzzy Hash: ef623e423fce3f4c13e426aeadd1932239369e4a202ec3da9f49cd73249a9671
                                            • Instruction Fuzzy Hash: 7BD0C972781310BAE6A4A7719C4FFC66A189B16B14F114A277755AA1D0C9A4A8018A5C
                                            APIs
                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004A232C
                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 004A233F
                                              • Part of subcall function 0047E97B: Sleep.KERNEL32 ref: 0047E9F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: FindMessagePostSleepWindow
                                            • String ID: Shell_TrayWnd
                                            • API String ID: 529655941-2988720461
                                            • Opcode ID: af98946ad667410fa349bd09b5931b714950f24c2c57bd5ad1c7f2d7ad803ee7
                                            • Instruction ID: fbc913306e8adad24e6f473218d0bebb824e358e1fcdcdf04cf82b47add152f2
                                            • Opcode Fuzzy Hash: af98946ad667410fa349bd09b5931b714950f24c2c57bd5ad1c7f2d7ad803ee7
                                            • Instruction Fuzzy Hash: 02D02272380310B7E6A4B731DC4FFC67E089B01B00F004A277309AA1D0C8F4A800CA0C
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0044BE93
                                            • GetLastError.KERNEL32 ref: 0044BEA1
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0044BEFC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008348354.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                            • Associated: 00000000.00000002.2008329097.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004AC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008432298.00000000004D2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008484406.00000000004DC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2008503893.00000000004E4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_410000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$ErrorLast
                                            • String ID:
                                            • API String ID: 1717984340-0
                                            • Opcode ID: a84eb85021e8eb5e9d6ef0a14d8cf467337e9c20b204cceea047fb96caf03d36
                                            • Instruction ID: 1947c439c0b93cd07f071c629bc83deeccab36d190e152f0ca2929ce10f0a4f5
                                            • Opcode Fuzzy Hash: a84eb85021e8eb5e9d6ef0a14d8cf467337e9c20b204cceea047fb96caf03d36
                                            • Instruction Fuzzy Hash: F441F634600206AFEF218F65CC44ABBBBA4EF46310F24816BF95D972A1DB35CC05DB99