Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1505353
MD5: cf73057ebaa15bfad9eb26c58673a09f
SHA1: 3022deaa181fff7fe21b48a8017b7c184fc431e2
SHA256: 942a8b027add73486e63e0565d9a51f7d15f6db2e793c008d711d56f58d00000
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7680 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CF73057EBAA15BFAD9EB26C58673A09F)
    • msedge.exe (PID: 7716 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 8072 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2160,i,12230124346350487686,4586289073362470680,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 7736 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7900 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7944 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9036 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60045bef-c6b5-4b83-a1d5-475441a028f4} 7944 "\\.\pipe\gecko-crash-server-pipe.7944" 13c7826b310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9320 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc346fd-9362-40ab-a4e2-817e26eddda9} 7944 "\\.\pipe\gecko-crash-server-pipe.7944" 13c0a450f10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 8040 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 980 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8844 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6460 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8916 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6660 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8812 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8700 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 9160 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6456 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 10104 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8176 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2024,i,1286031549067182449,3591622684880589910,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8760 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9836 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2020,i,4537570677945774766,5280682517865062505,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exeReversingLabs: Detection: 26%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:64029 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:64032 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:64036 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64044 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64043 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:64046 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.4:64045 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.4:64049 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64052 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64051 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:64050 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:64054 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64058 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64057 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:64059 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2089026825.0000013C09500000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2089026825.0000013C09500000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008FDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009068EE FindFirstFileW,FindClose,0_2_009068EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0090698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00909642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00909642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0090979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00909B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00909B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00905C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00905C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 93MB
Source: global trafficTCP traffic: 192.168.2.4:64022 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 23.96.180.189 23.96.180.189
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 23.96.180.189
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0090CE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726194545&P2=404&P3=2&P4=ivlTTU8PJHcO%2bYUXZdv9L2b%2bcXx377nank8KX5knyJZ%2bbXDAq0tO4gj9zf4x2xw4MoxU1wef1XjsggZSzUWgzQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: hTbIEGYFFur6PbAV4JOVirSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8SeTfecz+acdClL&MD=oBV8zNce HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8SeTfecz+acdClL&MD=oBV8zNce HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1824454672.0000013C09345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1891227603.0000013C09345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1788074266.0000013C09345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1824454672.0000013C09345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1891227603.0000013C09345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1788074266.0000013C09345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2046123680.0000013C089E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365257451.0000013C089D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: Reporting and NEL.6.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.6.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.6.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.6.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.6.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.6.drString found in binary or memory: https://chromewebstore.google.com/
Source: 19582b8d-749f-4aa6-8d8b-ae3407df213d.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.6.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 19582b8d-749f-4aa6-8d8b-ae3407df213d.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000005.00000003.1736650478.0000013C08117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738086784.0000013C08141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738728978.0000013C0816C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738904432.0000013C08181000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1735587458.0000013C07C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738526406.0000013C08157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1737760521.0000013C0812C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.2080688918.0000013C7F1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1839291888.0000013C7F1AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842542547.0000013C7F1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F1AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2903883826.0000026BB58CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2902518747.000001A583BF2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000005.00000003.2080688918.0000013C7F1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1839291888.0000013C7F1AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842542547.0000013C7F1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F1AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2903883826.0000026BB58CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2902518747.000001A583BF2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.6.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture#?
Source: firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
Source: firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.6.drString found in binary or memory: https://docs.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.6.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000005.00000003.1736650478.0000013C08117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1787902184.0000013C09350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2086155584.0000013C09350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738086784.0000013C08141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738728978.0000013C0816C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382173545.0000013C09350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738904432.0000013C08181000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1735587458.0000013C07C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738526406.0000013C08157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1841849821.0000013C09350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2045851772.0000013C09350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1737760521.0000013C0812C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.1894467977.0000013C063D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.1894467977.0000013C063D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 000003.log.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: firefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382808654.0000013C05161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.2047276542.0000013C0577C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382592979.0000013C0833D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1895114129.0000013C063AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000005.00000003.1736650478.0000013C08117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738086784.0000013C08141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738728978.0000013C0816C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1735587458.0000013C07C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738526406.0000013C08157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1737760521.0000013C0812C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000005.00000003.1823900164.0000013C0A59D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: prefs-1.js.5.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000005.00000003.1895114129.0000013C0638D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842733408.0000013C09463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2045732727.0000013C09463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2085510226.0000013C09463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1772182254.0000013C09463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2118438479.0000013C09463000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000005.00000003.1824221425.0000013C094B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000005.00000003.1839608429.0000013C0B756000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000005.00000003.1839608429.0000013C0B756000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1840217332.0000013C0B5B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000005.00000003.1894467977.0000013C063D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000005.00000003.1894467977.0000013C063D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000C.00000002.2903883826.0000026BB5872000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2902518747.000001A583B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000010.00000002.2902518747.000001A583B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestabout
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.1895114129.0000013C0638D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000C.00000002.2903883826.0000026BB58CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/US
Source: firefox.exe, 00000005.00000003.1839608429.0000013C0B756000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: Top Sites.6.drString found in binary or memory: https://www.office.com/
Source: Top Sites.6.drString found in binary or memory: https://www.office.com/Office
Source: firefox.exe, 00000005.00000003.2081710368.0000013C7F2DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1885790223.0000013C7F2DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00929576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001A5842496F7 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001A584366932 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FD5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008AF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008B0A30 appears 46 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal68.evad.winEXE@72/331@29/21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009037B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F10BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009051CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008942A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66DA68E9-1E24.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.6.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe ReversingLabs: Detection: 26%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2160,i,12230124346350487686,4586289073362470680,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6460 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6660 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60045bef-c6b5-4b83-a1d5-475441a028f4} 7944 "\\.\pipe\gecko-crash-server-pipe.7944" 13c7826b310 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc346fd-9362-40ab-a4e2-817e26eddda9} 7944 "\\.\pipe\gecko-crash-server-pipe.7944" 13c0a450f10 rdd
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2024,i,1286031549067182449,3591622684880589910,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2020,i,4537570677945774766,5280682517865062505,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6456 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6460 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6660 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6456 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2024,i,1286031549067182449,3591622684880589910,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2020,i,4537570677945774766,5280682517865062505,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2089026825.0000013C09500000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2089026825.0000013C09500000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
Source: gmpopenh264.dll.tmp.5.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B0A76 push ecx; ret 0_2_008B0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008AF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_008AF98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00921C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00921C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96473
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001A5842496F7 rdtsc 16_2_000001A5842496F7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008FDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009068EE FindFirstFileW,FindClose,0_2_009068EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0090698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00909642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00909642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0090979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00909B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00909B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00905C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00905C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
Source: firefox.exe, 0000000C.00000002.2902247987.0000026BB54EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW YQ
Source: firefox.exe, 00000010.00000002.2905897261.000001A584110000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
Source: firefox.exe, 0000000C.00000002.2902247987.0000026BB54EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2905897261.000001A584110000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2902017324.000001A5838BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000005.00000003.1885790223.0000013C7F2C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2081710368.0000013C7F2C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2906544613.0000026BB5A19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000C.00000002.2907314843.0000026BB5E40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2902247987.0000026BB54EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2905897261.000001A584110000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001A5842496F7 rdtsc 16_2_000001A5842496F7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090EAA2 BlockInput,0_2_0090EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B4CE8 mov eax, dword ptr fs:[00000030h]0_2_008B4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008F0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B09D5 SetUnhandledExceptionFilter,0_2_008B09D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008B0C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonlyJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_008F1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008D2BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FB226 SendInput,keybd_event,0_2_008FB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009122DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009122DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008F0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_008F1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B0698 cpuid 0_2_008B0698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00908195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00908195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008ED27A GetUserNameW,0_2_008ED27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_008CBB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00911204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00911204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00911806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00911806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph: ID 1505353, Sample: file.exe, Startdate: 06/09/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
00000005.00000003.2119386432.0000013C08584000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047276542.0000013C0577C000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000005.00000003.1839608429.0000013C0B756000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.openh264.org/firefox.exe, 00000005.00000003.2081710368.0000013C7F2DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1885790223.0000013C7F2DE000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000005.00000003.1839608429.0000013C0B756000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1840217332.0000013C0B5B2000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2089026825.0000013C09500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2082724772.0000013C0BDB6000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
  • Avira URL Cloud: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.6.drfalse
  • URL Reputation: safe
unknown
https://blocked.cdn.mozilla.net/firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://profiler.firefox.comfirefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture#?firefox.exe, 00000005.00000003.2085101470.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080210874.0000013C0A0AC000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000005.00000003.1826744294.0000013C05632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1742820108.0000013C05633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1894407262.0000013C063E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743361484.0000013C05633000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgfirefox.exe, 00000005.00000003.2080688918.0000013C7F1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1839291888.0000013C7F1AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842542547.0000013C7F1B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F1AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2903883826.0000026BB58CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2902518747.000001A583BF2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
  • Avira URL Cloud: safe
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.icoWeb Data.6.drfalse
  • Avira URL Cloud: safe
unknown
https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/preferencesfirefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://screenshots.firefox.com/firefox.exe, 00000005.00000003.1737760521.0000013C0812C000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.google.com/searchfirefox.exe, 00000005.00000003.1736650478.0000013C08117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738086784.0000013C08141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738728978.0000013C0816C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2120546226.0000013C063EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738904432.0000013C08181000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1893972751.0000013C063EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2382778434.0000013C063EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1735587458.0000013C07C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1738526406.0000013C08157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1737760521.0000013C0812C000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://relay.firefox.com/api/v1/firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://drive-autopush.corp.google.com/manifest.json.6.drfalse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-reportfirefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://topsites.services.mozilla.com/cid/firefox.exe, 0000000C.00000002.2906301351.0000026BB5900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2905262600.000001A583C40000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://twitter.com/firefox.exe, 00000005.00000003.2382808654.0000013C05139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1897967772.0000013C05152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823286748.0000013C7F143000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.galapagosdesign.com/Ffirefox.exe, 00000005.00000003.2362609005.0000013C7FA35000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IPDomainCountryFlagASNASN NameMalicious
142.250.80.68
unknownUnited States
15169GOOGLEUSfalse
23.43.85.147
unknownUnited States
3257GTT-BACKBONEGTTDEfalse
13.107.246.40
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.96.180.189
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.44.201.16
unknownUnited States
20940AKAMAI-ASN1EUfalse
152.195.19.97
unknownUnited States
15133EDGECASTUSfalse
162.159.61.3
chrome.cloudflare-dns.comUnited States
13335CLOUDFLARENETUSfalse
52.222.236.120
services.addons.mozilla.orgUnited States
16509AMAZON-02USfalse
34.120.208.123
telemetry-incoming.r53-2.services.mozilla.comUnited States
15169GOOGLEUSfalse
142.250.65.174
unknownUnited States
15169GOOGLEUSfalse
13.107.246.57
s-part-0029.t-0009.t-msedge.netUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
34.149.100.209
prod.remote-settings.prod.webservices.mozgcp.netUnited States
2686ATGS-MMD-ASUSfalse
142.251.40.234
unknownUnited States
15169GOOGLEUSfalse
34.107.221.82
prod.detectportal.prod.cloudops.mozgcp.netUnited States
15169GOOGLEUSfalse
35.244.181.201
prod.balrog.prod.cloudops.mozgcp.netUnited States
15169GOOGLEUSfalse
142.250.181.225
googlehosted.l.googleusercontent.comUnited States
15169GOOGLEUSfalse
239.255.255.250
unknownReserved
unknownunknownfalse
142.251.40.163
unknownUnited States
15169GOOGLEUSfalse
35.190.72.216
prod.classify-client.prod.webservices.mozgcp.netUnited States
15169GOOGLEUSfalse
IP
192.168.2.4
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1505353
Start date and time: 2024-09-06 04:28:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal68.evad.winEXE@72/331@29/21
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 37
  • Number of non-executed functions: 308
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 64.233.167.84, 204.79.197.239, 13.107.21.239, 142.250.184.206, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.23.209.130, 2.23.209.182, 2.23.209.133, 142.250.184.195, 216.58.206.35, 2.19.126.163, 192.229.221.95, 142.250.181.238, 2.22.61.59, 2.22.61.56, 142.250.185.174, 66.102.1.84, 142.251.40.195, 142.250.65.163
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.ne
  • Not all processes were analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:29:08 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
03:29:17 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.43.85.147file.exeGet hashmaliciousUnknownBrowse
    file.exeGet hashmaliciousUnknownBrowse
      file.exeGet hashmaliciousUnknownBrowse
        file.exeGet hashmaliciousBabadedaBrowse
          13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
          • www.aib.gov.uk/
          NEW ORDER.xlsGet hashmaliciousUnknownBrowse
          • 2s.gg/3zs
          PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
          • 2s.gg/42Q
          06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
          • 2s.gg/3zk
          Quotation.xlsGet hashmaliciousUnknownBrowse
          • 2s.gg/3zM
          23.96.180.189file.exeGet hashmaliciousUnknownBrowse
            file.exeGet hashmaliciousUnknownBrowse
              file.exeGet hashmaliciousUnknownBrowse
                file.exeGet hashmaliciousUnknownBrowse
                  file.exeGet hashmaliciousUnknownBrowse
                    file.exeGet hashmaliciousUnknownBrowse
                      file.exeGet hashmaliciousBabadedaBrowse
                        GrammarlyInstaller.evxSw76fmxki94ued2mj0c82.exeGet hashmaliciousUnknownBrowse
                          PDFpower (1).exeGet hashmaliciousUnknownBrowse
                            file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                              152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
                              • www.ust.com/
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              chrome.cloudflare-dns.comfile.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              https://ws.onehub.com/folders/xxma24lqGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              file.exeGet hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              example.orgfile.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              file.exeGet hashmaliciousUnknownBrowse
                              • 93.184.215.14
                              services.addons.mozilla.orgfile.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.23
                              file.exeGet hashmaliciousUnknownBrowse
                              • 3.165.190.17
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.80
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.120
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.48
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.48
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.23
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.120
                              file.exeGet hashmaliciousUnknownBrowse
                              • 108.156.60.43
                              file.exeGet hashmaliciousUnknownBrowse
                              • 52.222.236.120
                              ipv4only.arpafile.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.171
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.171
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.170
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.170
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.170
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.171
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.170
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.171
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.170
                              file.exeGet hashmaliciousUnknownBrowse
                              • 192.0.0.171
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              GTT-BACKBONEGTTDEfile.exeGet hashmaliciousUnknownBrowse
                              • 23.43.85.136
                              file.exeGet hashmaliciousUnknownBrowse
                              • 23.43.85.16
                              spc.elfGet hashmaliciousMirai, MoobotBrowse
                              • 195.21.21.138
                              i686.elfGet hashmaliciousUnknownBrowse
                              • 217.79.164.248
                              file.exeGet hashmaliciousUnknownBrowse
                              • 23.43.85.10
                              https://www.zdescargas.org/adobe-acrobat-pro-dc-2022-full-v15-12-2023/Get hashmaliciousHTMLPhisherBrowse
                              • 23.43.85.151
                              mirai.x86.elfGet hashmaliciousMiraiBrowse
                              • 195.21.68.139
                              firmware.armv7l.elfGet hashmaliciousUnknownBrowse
                              • 69.174.72.229
                              firmware.i686.elfGet hashmaliciousUnknownBrowse
                              • 154.15.213.121
                              file.exeGet hashmaliciousAmadey, StealcBrowse
                              • 23.43.85.136
                              MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousUnknownBrowse
                              • 94.245.104.56
                              file.exeGet hashmaliciousUnknownBrowse
                              • 20.75.60.91
                              file.exeGet hashmaliciousUnknownBrowse
                              • 13.107.246.51
                              http://geminiak.weebly.com/Get hashmaliciousUnknownBrowse
                              • 51.104.148.203
                              http://mettamask-org-exoi.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.27.10
                              http://support-metamlk-exten.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.28.10
                              http://help-s-sso-metmeask.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.28.10
                              http://help-hub-metamasskk--net.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.27.10
                              http://learn-help---mettamsks.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.27.10
                              http://manta-network.de/Get hashmaliciousUnknownBrowse
                              • 20.4.130.154
                              AKAMAI-ASN1EUfile.exeGet hashmaliciousUnknownBrowse
                              • 23.44.201.27
                              file.exeGet hashmaliciousUnknownBrowse
                              • 23.44.133.38
                              file.exeGet hashmaliciousUnknownBrowse
                              • 104.126.116.43
                              file.exeGet hashmaliciousUnknownBrowse
                              • 23.219.82.8
                              file.exeGet hashmaliciousUnknownBrowse
                              • 104.70.121.219
                              file.exeGet hashmaliciousUnknownBrowse
                              • 23.59.250.35
                              file.exeGet hashmaliciousUnknownBrowse
                              • 23.219.82.26
                              Setup.exeGet hashmaliciousLummaC StealerBrowse
                              • 23.197.127.21
                              https://jtielectrical-my.sharepoint.com/:f:/g/personal/wwise_jtielectric_com/EiRUStVFyApDuTy9pUHQbzMB7Ixh_nngG6WTsOeTzF4k1w?e=MsJpM6Get hashmaliciousUnknownBrowse
                              • 2.16.238.149
                              https://webmail_208425654.itdays.net/271702705cloudstore-428375907?data=consumer-in@kenvue.comGet hashmaliciousHTMLPhisherBrowse
                              • 2.16.6.30
                              MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousUnknownBrowse
                              • 94.245.104.56
                              file.exeGet hashmaliciousUnknownBrowse
                              • 20.75.60.91
                              file.exeGet hashmaliciousUnknownBrowse
                              • 13.107.246.51
                              http://geminiak.weebly.com/Get hashmaliciousUnknownBrowse
                              • 51.104.148.203
                              http://mettamask-org-exoi.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.27.10
                              http://support-metamlk-exten.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.28.10
                              http://help-s-sso-metmeask.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.28.10
                              http://help-hub-metamasskk--net.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.27.10
                              http://learn-help---mettamsks.webflow.io/Get hashmaliciousUnknownBrowse
                              • 150.171.27.10
                              http://manta-network.de/Get hashmaliciousUnknownBrowse
                              • 20.4.130.154
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              28a2c9bd18a11de089ef85a160da29e4file.exeGet hashmaliciousUnknownBrowse
                              • 40.127.169.103
                              • 184.28.90.27
                              file.exeGet hashmaliciousUnknownBrowse
                              • 40.127.169.103
                              • 184.28.90.27
                              file.exeGet hashmaliciousUnknownBrowse
                              • 40.127.169.103
                              • 184.28.90.27
                              http://dappdefi-layer.com/Get hashmaliciousUnknownBrowse
                              • 40.127.169.103
                              • 184.28.90.27
                              http://www.internal-checker.com/Get hashmaliciousUnknownBrowse
                              • 40.127.169.103
                              • 184.28.90.27
                              http://hoangboy23.github.io/Get hashmaliciousHTMLPhisherBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | file.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Unknown | Browse |
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):6439
                                                                      Entropy (8bit):5.134971604696357
                                                                      Encrypted:false
                                                                      SSDEEP:192:i5cjMiTOToT7cbhbVbTbfbRbObtbyEzn/nSrDtTJdB:i5cYIM67cNhnzFSJ5nSrDhJdB
                                                                      MD5:2C47B418F88CD498B48CB6FCBA9519E7
                                                                      SHA1:0150A2E695EE977AB4331D527FEE801996A84747
                                                                      SHA-256:ECDA9445EEC9390EAD04C523FF720523190F7B23455387FDF8073C5728E5032E
                                                                      SHA-512:C2D483043AFE23C3E5D1C9983A310D80AB4DE5EB12E62D114CA7663EFE78856535A43F7D2AC2CDACCFAA5CDC394EF35C2889D4E6A6F0841763612679F240C35F
                                                                      Malicious:false
                                                                      Preview:{"type":"uninstall","id":"dddb96ad-9c76-47a6-a8bc-c51a50099fa2","creationDate":"2024-09-06T03:49:12.320Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):8321
                                                                      Entropy (8bit):5.789944357657007
                                                                      Encrypted:false
                                                                      SSDEEP:192:fsNwsmh+eiRUkfOjNkET6qRAq1k8SPxVLZ7VTiQ:fsNw9kjUeET6q3QxVNZTiQ
                                                                      MD5:FD1BD31FABF2BA80570132FD84118162
                                                                      SHA1:7C7D8F55540045BD1C45EF4E7F6A620265FC5E17
                                                                      SHA-256:55159BD28E4644BFB2BB030800D518FDD1B68C41D578B6D628D4D27A2C5D19EE
                                                                      SHA-512:24D8B74F0F978388661E72EB919681817BCD00A9858DF6A7A86ED448DA0D75A4A072A60745360D06B1C616EFB5D1BF553BF0E811D25B3797154F2A82FD2778D5
                                                                      Malicious:false
                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):6820
                                                                      Entropy (8bit):5.793353751483867
                                                                      Encrypted:false
                                                                      SSDEEP:96:iaqkHfkmhS5ih/cI9URLl8RotoyMFVvlwh0e4IbONIeTC6XQS0qGqk+Z4uj+rjEy:aksmhLeiRUxhE6qRAq1k8SPxVLZ7VTiq
                                                                      MD5:A514E49159AAE850D01A700B180774C5
                                                                      SHA1:91D0D6FBE61D84B026FD7FDA0D8202AA3B1E0182
                                                                      SHA-256:ED5366A99D44CAA4331CF1D2153CD9BC24D7331C7335E1B91040F70DDDE4D979
                                                                      SHA-512:7EB9162CC3DC6939A3826BB17202AD87034CAD0CF0CABC2BD640DFEC65C5384EC8151FB46A6D57E9430F39FD72640B5898E5871EB952708A3418E1D652BCC5BF
                                                                      Malicious:false
                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):25052
                                                                      Entropy (8bit):6.031579064169988
                                                                      Encrypted:false
                                                                      SSDEEP:768:aMGQ7FCYXGIgtDAWtJ4P1+gpAqiLMDUzeEyS3xXNq:aMGQ5XMBk1ZnMXNq
                                                                      MD5:C2AA6233F72CED23B05A203DA654CCA4
                                                                      SHA1:963F5D04E2858F3DB386FF2C9879D462AECBBF37
                                                                      SHA-256:3FBABF66E45CFE41F0BA8A07A25FA6DFB328C4B8748B16D99C218BE5105052F0
                                                                      SHA-512:694FBF9AB47ED9C6DFC6615440873BA2AAB172A68B008B3EF645B2514524793D9968185CA2673CFE10052202351BF3B2258D9FAC61EB01A5FF44FD5156099659
                                                                      Malicious:false
                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370063340889487","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):25103
                                                                      Entropy (8bit):6.030741665134878
                                                                      Encrypted:false
                                                                      SSDEEP:768:aMGQ7FCYXGIgtDAWtJ4Pk+gpAqiLMDU8eEyS3xXNq:aMGQ5XMBkkZUMXNq
                                                                      MD5:F49EAA54F1118F87B9FA5653A1C56B2F
                                                                      SHA1:3CA95E1BBF0E544BBBB014CA9E4A1EDEF97911A6
                                                                      SHA-256:E33922AB616100AB3382D2B4A3FFE37332023349668C2C40247217CB2BF267EF
                                                                      SHA-512:88FD74F4A82AC979936D0937979DAD43F4C882C68C88990B313CFC7CA6D4811A0D7F1EF2576EFFCB4C5E50D1DFE9F16F78790AB14E519AC3560ED99E6B797B9F
                                                                      Malicious:false
                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370063340889487","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:modified
                                                                      Size (bytes):23966
                                                                      Entropy (8bit):6.0501563661271875
                                                                      Encrypted:false
                                                                      SSDEEP:384:WtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhQgkQErIDHEEQSDTx5JkjrKyqO6:aMGQ7FCYXGIgtDAWtJ4n1+gpEAHEEQSd
                                                                      MD5:B5F3B7C9560168DB13EF531C0B521B02
                                                                      SHA1:397C0B1F0E281BCE8FC8D11ED6DDAAFD84C84257
                                                                      SHA-256:FD43C503BC4FCBFC1B0FE6B9C85A86683FBB681B123A59AC9F60625A36595ACD
                                                                      SHA-512:F18F27E34775639D3989007CA9C3DFA3898C8D6F07C76D18219187A31DC3010293148D05503EC773EF0F9AC3E22A42BDF9D502A632632083F0244E3616CF2324
                                                                      Malicious:false
                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370063340889487","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):8090
                                                                      Entropy (8bit):5.812133185714471
                                                                      Encrypted:false
                                                                      SSDEEP:192:asNAsmh+eiRUezQEkE66qRAq1k8SPxVLZ7VTiq:asNA9kv0fE66q3QxVNZTiq
                                                                      MD5:203B9638F95547B798C64EFC0299CD1C
                                                                      SHA1:3B30FA9E0A44C49F7D9DB183699EEB0C8055F6F3
                                                                      SHA-256:51503D9550E7BAF5E2638F35AB43A9EDF83EBF832DDE22B55ADF3A47CF92C7C5
                                                                      SHA-512:B5B59B21A0305229605CC8D915D933DAA3AA029806343E116E1BE5C5424441BFC4C3DBB8CBD78F5748476066FDB71435A62F1A33636024652D97CD46435F90E3
                                                                      Malicious:false
                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):8239
                                                                      Entropy (8bit):5.79595212046485
                                                                      Encrypted:false
                                                                      SSDEEP:192:fsNAsmh+eiRUhfOjNkET6qRAq1k8SPxVLZ7VTiQ:fsNA9kKUeET6q3QxVNZTiQ
                                                                      MD5:C0B94614C8B72A95A7C4DB97A74F8E5A
                                                                      SHA1:99DF8EC85030D226A385579C32E597FCC1315A49
                                                                      SHA-256:E3A89F0814D0FBFAE10E546E99592FA73B10000043679A0F2895309543AB6800
                                                                      SHA-512:B3688283D174D25338F44A8A9757DDBA0B3E81AE21141F0254613B49FABADDE2625235F9C2AF07310B8A006170E8D14E2F29C5862A1F0FFF75FE8A9259518D9A
                                                                      Malicious:false
                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):107893
                                                                      Entropy (8bit):4.640136267101608
                                                                      Encrypted:false
                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Q:fwUQC5VwBIiElEd2K57P7Q
                                                                      MD5:46EC1899F11FE2F524F4A0ED857B2BF7
                                                                      SHA1:830620AD3E3FAC7FE25BD86C291A17AFA245B2CA
                                                                      SHA-256:07965BB5BA96950A38D1B7E50D9564F84D383F21D6FB17B6A411925728AF5146
                                                                      SHA-512:5496B3873B3C5FA3560593D4E3E9F43F6BFA288C5FC3B879D14269A51938D5DDAD950326D86D8DB606A34F7B235E615237136DB19539A1740CAD9B527BEBAEB2
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4194304
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3::
                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4194304
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3::
                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4194304
                                                                      Entropy (8bit):0.03961605955738151
                                                                      Encrypted:false
                                                                      SSDEEP:192:eTk01utmqvDzKX7/J8iD12absbZHtgbXrh8IYhliNEzi/cRQMpEtRvn8y08Tcm2D:4k0EtelWC2hIRQazv08T2RGOD
                                                                      MD5:EA197617723A9C438D8C74BFADAE7695
                                                                      SHA1:FB7F94D538EEDA4A4B7DD91B2C3F2EAF6809EC2E
                                                                      SHA-256:13D0DAC7B3B8D82A9ECDCA412A957943429EB4140B0A36D15A39A6CE1CBA99A0
                                                                      SHA-512:6ABFB9171FEA76532EDEDA4BF0CAEAD720FAC1613DE86C6B9A359D5260CA7F8D2E8D233B93E44B1E177E84521E69EB973D331C67855BAF3F8F395C0FDD756583
                                                                      Malicious:false
                                                                      Preview:...@..@...@.....C.].....@................a...P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....e.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".bsyowe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U.>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z.......................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4194304
                                                                      Entropy (8bit):0.464138119758744
                                                                      Encrypted:false
                                                                      SSDEEP:6144:m6iH3h9zMmlbaH4JO6JeqkaIcUzwLaHx:kqmlmTA2
                                                                      MD5:EA6778AA99B15B5517F908B0AF26F762
                                                                      SHA1:C060F0C1954FF8AC57D96BC8E7DB1AA9613ACA81
                                                                      SHA-256:BA335E02829947D1328FF3D375358DA61613DA09975D046E0359AE6F2112D0A7
                                                                      SHA-512:66E74FB0961A80E62629341AA69D029E080754CB0D479B054232043182C1EBDC1B1A5774AA9F69A0A89D8D2726B2227B787E3FC26EF00034FC9DA2709BFC354F
                                                                      Malicious:false
                                                                      Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....i.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".bsyowe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U?:K..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered....(..$...
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4194304
                                                                      Entropy (8bit):0.040766316353672116
                                                                      Encrypted:false
                                                                      SSDEEP:192:Zm0EbtmqvDtKX7YJEa3XxxTxqZ/g+X2G970R6EqhTS7NzR21gQMZ7n7n8y08TcmQ:80EtTeK8YJcFhInSgV7708T2RGOD
                                                                      MD5:E306BC2A7386032025B8504BBE251107
                                                                      SHA1:1FB62E924CEAE385D745E8EAD77C0B5B8D239AE7
                                                                      SHA-256:E7A6C0172460420B5CF9A47074523FED9E0B1EC6065E5C9876ADFB3FC3E1C887
                                                                      SHA-512:6DCBED634701506785C015D9E9DC476F82645EB257AAC8B0A7F12418CED4AEA485C70046CBAA1CDE8E1B85840B8A684DC643E80DEF3C646569DE85C0619B7FBC
                                                                      Malicious:false
                                                                      Preview:...@..@...@.....C.].....@................b...Q..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".bsyowe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4194304
                                                                      Entropy (8bit):0.03951103700642486
                                                                      Encrypted:false
                                                                      SSDEEP:192:UL0EbtmqvDKKX2JLMo4sPqpRX/gg4rfh9rNE3Oeu1gQsjw6bG2n8y08Tcm2RGOdB:E0Etq4osfmhFI6gfw6V08T2RGOD
                                                                      MD5:C6E665030A0E60469E26B45664D442E2
                                                                      SHA1:55768FFA785DCEBDA92888F0A4F3E0C6927465D3
                                                                      SHA-256:E86FC4AD114C73DEC270A5402C325A40FB34B090A9D39A4E69E19DB2910DE19E
                                                                      SHA-512:77F2D51412FCA371D2BD370521AAD81E4E511EF680DC689ABD692DFCD74C49475081013E5E3DC7E28B2D35367A30AA5D4C3F7EC164F54BFD7DE4172E44F6A318
                                                                      Malicious:false
                                                                      Preview:...@..@...@.....C.].....@................]...M..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".bsyowe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):16384
                                                                      Entropy (8bit):0.3553968406659012
                                                                      Encrypted:false
                                                                      SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                      MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                      SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                      SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                      SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                      Malicious:false
                                                                      Preview:...@.@...@..............@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.h.......A.......e............,.........W.......................W....................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A............................E.[4.f..................E.[4.f.................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.Errors............i.y..Yd.........A..................._..-`....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......C...........................VM....],................WM....],................Stability.BrowserExitCodes...... ...i.y......VM....],........H...i.y.1U!S............................................................ ...i.y...0...WM....],........................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):280
                                                                      Entropy (8bit):3.060980776278344
                                                                      Encrypted:false
                                                                      SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                      MD5:74B32A83C9311607EB525C6E23854EE0
                                                                      SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                      SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                      SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                      Malicious:false
                                                                      Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):10926
                                                                      Entropy (8bit):5.16404265736624
                                                                      Encrypted:false
                                                                      SSDEEP:192:sVLkd5JX2Hm4lIA6RYs318cpj+FmYQA/sCf+S1f:sVLCJX2HdItpUzQ6sCfP
                                                                      MD5:D8455B86DD7AF5E158ACBDB7F99BA299
                                                                      SHA1:866987184B270B33B5E2A5C1389E17C16A3B73A9
                                                                      SHA-256:60657CCC7F06A4145A48AF7A5DFEAC3750D2B8F15ABB9955AAC3CB59D09B6BEB
                                                                      SHA-512:7100AB68E93E1A92F908D5E7E3F0C3B5821BF42903EC01CDFFC9D6E027D6527705662788978824B383631A72D42712D9BFE9DFBBFAE0658CBB12063AAAE32970
                                                                      Malicious:false
                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370063340709362","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):9701
                                                                      Entropy (8bit):4.94418533476496
                                                                      Encrypted:false
                                                                      SSDEEP:192:sVLkd5JX2HaYs3T8cpj+FmYQA/sCf+S1f:sVLCJX2H8pUzQ6sCfP
                                                                      MD5:AA42DB36AEA2DEB02BD95FF0137F5977
                                                                      SHA1:0FD5EE684C174F478E98E30E55A2931F7F4E1126
                                                                      SHA-256:7E904628D3CA10E6F4DDC2327C800D446D208681F7A0B56C7D887DBF4F6D6102
                                                                      SHA-512:E26B46556AA5BBDF35D650220C4303E99F1F8681C67CE56F85346AE1807267BCA6C2517F9E73B3499F1DA3F19B2A92DA312B383BA62AF2179D58C8D625DDC1F2
                                                                      Malicious:false
                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370063340709362","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):11060
                                                                      Entropy (8bit):5.164578092366925
                                                                      Encrypted:false
                                                                      SSDEEP:192:sVLkd5JX2Hm4lIA6RYs318cpj+FmYQAFUCf+S1f:sVLCJX2HdItpUzQIUCfP
                                                                      MD5:8D0076F6A8D6B5F13487F4C8C41C4954
                                                                      SHA1:ED775275B1BB7300440CD5B5A44D753563ABFA49
                                                                      SHA-256:D5E0E974525D1FC3B2FB9790756367B8F7ACD957005BF56ADE30000B6ECB17BE
                                                                      SHA-512:7F92185031C1338D6718B6C337700EF410845823D9CBE11AFC09A71C223C4D41A17D458B10287A72D0970843870F21117A83BCBCEAF1D3A8659EBA522D5ABEA6
                                                                      Malicious:false
                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370063340709362","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):30244
                                                                      Entropy (8bit):5.565965719797709
                                                                      Encrypted:false
                                                                      SSDEEP:768:u9jZ5s7pLGLvbSWPwWflZ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVtGJX2JErwsDpHh:u9jZ5QcvbSWPwWflZu1jaoGJGJd8tD
                                                                      MD5:51C53405FBB47799D9FEB094CCAF6000
                                                                      SHA1:61E911620D18CEC486266FA64EDD18F8205B5C9C
                                                                      SHA-256:9614BAA31841E4BAE649433D1ABAA49CE570D9E7B95A12FFCA6F3432C3C0182B
                                                                      SHA-512:688D7DDFA189AAE900DCEF6E924CBCE45E6216D43FA4FAE5E7A6EB1D3B7FD8DBA7216D8EDC81F6A56AC334A351E4232C2D80A7851D0C74DB48798AC3F08E7498
                                                                      Malicious:false
                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370063339472998","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370063339472998","location":5,"ma
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:very short file (no magic)
                                                                      Category:dropped
                                                                      Size (bytes):1
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:L:L
                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                      Malicious:false
                                                                      Preview:.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:modified
                                                                      Size (bytes):12991
                                                                      Entropy (8bit):5.385956895234389
                                                                      Encrypted:false
                                                                      SSDEEP:192:BAMlAEH/WCxkD7MDPSYAxmemxb7mngJdv9TXJ4MQmLu5/4eeNdl:6kAEOKSXs/J7mGnQmLu5/5eNdl
                                                                      MD5:703775BF30680A094BFD859D1ECC1DEB
                                                                      SHA1:554A13B6CA623924DDB4038759B2A74B1B812CC6
                                                                      SHA-256:9C37A080EEF20C87490B631BAA5BB96FB718484FDD2AEA98382885417C434472
                                                                      SHA-512:72801A51D888996530D48C85A1CA2B3EB3519E788E483816A32F968F2FDFD87AD48558F95502A420F015E362299FBFBBA828053B3059E4A9D9AD315DF8E195F7
                                                                      Malicious:false
                                                                      Preview:...m.................DB_VERSION.1Z7...................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13370063346714570.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]k....................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13370063346725286.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):293
                                                                      Entropy (8bit):5.095865435789837
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XV3M1wkn23oH+Tcwt9Eh1ZB2KLll2X10zq2Pwkn23oH+Tcwt9Eh1tIFUv:P2BrfYeb9Eh1ZFLn2yzvYfYeb9Eh16F2
                                                                      MD5:F6792674C3FBE5C1C1564D431B789840
                                                                      SHA1:EA7191C68B8CF8D41F7D5A276490DB81DA561B5A
                                                                      SHA-256:EA0C039F61DE50F650764AE7FF491330F0AEB54A8A39277112BEF7E0D1E805EC
                                                                      SHA-512:7F12FCF86EB25F0D0F06D39852EF6382C57C8041A4105EA072410C2573F0DD60EA790709C99FEBED97FC3BF579DC3D3F24D2AABD02F701D60674047CF05CE54E
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:05.839 2344 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/05-22:29:06.039 2344 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):12288
                                                                      Entropy (8bit):0.3202460253800455
                                                                      Encrypted:false
                                                                      SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                      MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                      SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                      SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                      SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):28672
                                                                      Entropy (8bit):0.46198005043983004
                                                                      Encrypted:false
                                                                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNj8YG:TouQq3qh7z3bY2LNW9WMcUvBCd
                                                                      MD5:07C7EBEDD8858B911118BE19B4DFAF51
                                                                      SHA1:2BF4BF424922522368B9A82BE3FD7BB272EBD5D9
                                                                      SHA-256:DE9D793291A9CC07F347A098B9A09D4FC98C0351A81749A03C5E1F91AE63A8F0
                                                                      SHA-512:5D933FB5992F981446D55E1DFE7CB53B0892CEAA0C944537CA47D00F988DCA15E2B628B0AE621C920DFC77A60D43036C89988AB8C607589A0FFA33666C0C9327
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.01057775872642915
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsFl:/F
                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):270336
                                                                      Entropy (8bit):8.280239615765425E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.011852361981932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsHlDll:/H
                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.012340643231932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsGl3ll:/y
                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):262512
                                                                      Entropy (8bit):8.81240594570408E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:LsNlAR/K1:Ls30/K1
                                                                      MD5:1367AEC1FAAE56E975C5DA325CEA6E91
                                                                      SHA1:57A777EA04A39BCE3910EE9F316A8A3C5C450730
                                                                      SHA-256:E7C1E2284D1344DF4FE837627C37CAB28466B46038AD98E88409AA91C56FD3F6
                                                                      SHA-512:F5850B5C5F42EF786E02230FB48DDD538579F3A1101C4C31523D8113162A300E3BEA823A28A423EDDE3BDC00F314753981051A870DC2D2D42086E9600035BD92
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):33
                                                                      Entropy (8bit):3.5394429593752084
                                                                      Encrypted:false
                                                                      SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                      MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                      SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                      SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                      SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                      Malicious:false
                                                                      Preview:...m.................DB_VERSION.1
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):305
                                                                      Entropy (8bit):5.2179728275773485
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XMFF4M1wkn23oH+TcwtnG2tbB2KLll2XH4q2Pwkn23oH+TcwtnG2tMsIFUv:P2o4rfYebn9VFLn2ovYfYebn9GFUv
                                                                      MD5:77755076BEAB04EB8DEAFE21E7361745
                                                                      SHA1:EA97C2B0814633919ED20CA4446248888F729479
                                                                      SHA-256:92FBACD59D15931AA2935459FD16DAC72FA34E86C65248F4FB0F9D060284AB61
                                                                      SHA-512:7A0D2EE7C162DC6CE7A8CD4B204682BAEF8AAF29F55A42825C3DC6B01B01902815C37AE0D9F843CE72C67CD13BE14C5CB2238C4CD72DD44C574749D10C89DDFA
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:28:59.946 1184 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/05-22:29:00.113 1184 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.494709561094235
                                                                      Encrypted:false
                                                                      SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                      MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                      SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                      SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                      SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):0.5094712832659277
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7me5q4iZ7dV:TLqpR+DDNzWjJ0npnyXKUO8+j25XmL
                                                                      MD5:D4971855DD087E30FC14DF1535B556B9
                                                                      SHA1:9E00DEFC7E54C75163273184837B9D0263AA528C
                                                                      SHA-256:EC7414FF1DB052E8E0E359801F863969866F19228F3D5C64F632D991C923F0D2
                                                                      SHA-512:ACA411D7819B03EF9C9ACA292D91B1258238DF229B4E165A032DB645E66BFE1148FF3DCFDAC3126FCD34DBD0892F420148E280D9716C63AD9FCDD9E7CA58D71D
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):375520
                                                                      Entropy (8bit):5.354097555283321
                                                                      Encrypted:false
                                                                      SSDEEP:6144:DA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:DFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                      MD5:6237FACC6F5785D02BD3486F90F64E4B
                                                                      SHA1:8C4B2ED72A5C20680CD60B7FC01DA5E985D0E5FA
                                                                      SHA-256:F80BA31FAC97AA3DE6E2591CF03CDA9F94F824BD794EE84A80DD56EA998D70E9
                                                                      SHA-512:84AEAC60E5A53474AD5641710F793169441F5D5A8BEC6405D21B7122BFCFD81F0AFCA80C3BD9D8F362A9A9B4E046A46D52BB5D03C899400C3FBA34BDFA23BA01
                                                                      Malicious:false
                                                                      Preview:...m.................DB_VERSION.1.8;Eq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370063345823635..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):309
                                                                      Entropy (8bit):5.177538097763795
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2Xsq1wkn23oH+Tcwtk2WwnvB2KLll2XM9+q2Pwkn23oH+Tcwtk2WwnvIFUv:P2cfYebkxwnvFLn2LvYfYebkxwnQFUv
                                                                      MD5:39646709A5C6FC0CFB8D4F6554E8BBA1
                                                                      SHA1:7F6F8F5FF117E08889CB17C6BA661D95FB367257
                                                                      SHA-256:0212A02809A81CD8AECA81FE7A7179850AD930769334C27E7A800A32C8C35359
                                                                      SHA-512:24DCF141C2F326DC3B93AA955DDB1BC565A4C6C312BB5B535C8A4010FDDF3AA85A2D44E9C799A5F1E9FBD38FA230D1C7BEC272F4EB84925FFF3A70BC216FA669
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:05.125 2318 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-22:29:05.162 2318 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:modified
                                                                      Size (bytes):358859
                                                                      Entropy (8bit):5.324615595521504
                                                                      Encrypted:false
                                                                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RU:C1gAg1zfvM
                                                                      MD5:F3766363A865A505A829C4AE4F932699
                                                                      SHA1:849766ED4D5AB1D615AF4A98D0BD3B0EA1E0CE78
                                                                      SHA-256:1BB73A70C3E1560864BF4025551C7C43A9C1AF876BD84147638B379254E73359
                                                                      SHA-512:2BC1C0235053C6AC9A317A37E0C37331A7E57ED8BCC719C0139F152F6B84B40B80DD35FEF6471CE61A3044371A1F206689AA6691495C276EA44B604C0713C14F
                                                                      Malicious:false
                                                                      Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):209
                                                                      Entropy (8bit):1.8784775129881184
                                                                      Encrypted:false
                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                      MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                      SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                      SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                      SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):281
                                                                      Entropy (8bit):5.16716734388774
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2Xp1wkn23oH+Tcwt8aVdg2KLll2Xu+q2Pwkn23oH+Tcwt8aPrqIFUv:P2MfYeb0Ln2++vYfYebL3FUv
                                                                      MD5:8408B4693103F57B3936B1D46BA57416
                                                                      SHA1:38DD96CE6AC292766DEAB305DBEF9AF493F62D82
                                                                      SHA-256:0207BDB458AE4958F9153C682CE5314EC1C4B7010CA9B514E9C9CD990DE56B4E
                                                                      SHA-512:516D567B292BB038718412517366E68340ED746F3B0CA8EEF1C6198A79965A6B09B8649E0CE65969365B90124293022A81B9FA82F32F7A837B13D906D68F0F61
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:28:59.950 10bc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/05-22:28:59.962 10bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):209
                                                                      Entropy (8bit):1.8784775129881184
                                                                      Encrypted:false
                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                      MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                      SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                      SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                      SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):285
                                                                      Entropy (8bit):5.192504006652926
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2Xs1wkn23oH+Tcwt86FB2KLll2XdSN+q2Pwkn23oH+Tcwt865IFUv:P2bfYeb/FFLn2tSN+vYfYeb/WFUv
                                                                      MD5:48852A88B9710F0558C9739AF4BCC1FE
                                                                      SHA1:ACA82BB2D603E128DC4D9451003D82D0D3381AA6
                                                                      SHA-256:EE63EA264A72A3FB57AC3E7D94C7BA6A718BBBDA28BB1EF7EB530E6DEBB4CBC2
                                                                      SHA-512:A6D8B7C583932F47A0AE90F68F42B211F4A8AF7B8996FE82427E8E161EEE337D1A58F17C153574B9C5DAC99872202F6E8A91402A3AD1A44F666216D59B024CCC
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:28:59.964 10bc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/05-22:28:59.973 10bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):1197
                                                                      Entropy (8bit):1.8784775129881184
                                                                      Encrypted:false
                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                      MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                      SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                      SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                      SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                      Malicious:false
                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):322
                                                                      Entropy (8bit):5.108317769325327
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2Xhn9+q2Pwkn23oH+Tcwt8NIFUt822XhnJZmw+22X89VkwOwkn23oH+Tcwt8+ed:P2xn4vYfYebpFUt822xnJ/+22sD5JfYN
                                                                      MD5:0F3539D2BC6C146FC30C09746F64D8A5
                                                                      SHA1:186A53BFDFA03952086DDFD5BB6C16A493FF7F0D
                                                                      SHA-256:F98DC7D62F71EE08069ECDB6CDD4823CEE43FB3E7619D66D138A302B67C7BB60
                                                                      SHA-512:4A7062FBF6C46BA679D46E262BD8CE67EEDF9C0013E4AD0F5796CCD14C7828B8ADFE22F0CB0C8CD151BF2C4437D0B0796D3E0550EE52255EA89852BDD42D0699
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.921 1d28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-22:29:00.921 1d28 Recovering log #3.2024/09/05-22:29:00.922 1d28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):4096
                                                                      Entropy (8bit):0.3169096321222068
                                                                      Encrypted:false
                                                                      SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                      MD5:2554AD7847B0D04963FDAE908DB81074
                                                                      SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                      SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                      SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.40981274649195937
                                                                      Encrypted:false
                                                                      SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                      MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                      SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                      SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                      SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):429
                                                                      Entropy (8bit):5.809210454117189
                                                                      Encrypted:false
                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                      Malicious:false
                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):2.4405647196292692
                                                                      Encrypted:false
                                                                      SSDEEP:48:0Bmw6fU1zBd+2RypcrK2FS92FZhRYbrz1LMpbp+2gjGCHkJ/AztYZIHfmulhlBIa:0BCyHpjRelS9nsH4/AztcCuuoKwg8y
                                                                      MD5:0E7D3511E954D426EE6D6A023852B821
                                                                      SHA1:ED2C499A1601575EF21D7574B9BC01A026416DDC
                                                                      SHA-256:96127C0E73C4EE3FE99E9B170D8D9809CA1C366AE4C86879D57EC0EAE53C87C5
                                                                      SHA-512:694E9F5D70124E659C43663F192361F029356B9C3CF8A1DCD9D84D969722B12D7EA840739CB2E38FD1DEC98CAE896AC683CD27AEF05756A7E102CE3300103EA1
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                      Category:dropped
                                                                      Size (bytes):159744
                                                                      Entropy (8bit):0.644627711490051
                                                                      Encrypted:false
                                                                      SSDEEP:96:XHdFaU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCwh:X9H+GPXBBE3upb0HtTTDxVj3
                                                                      MD5:9A9E99E2067887CEA913FCF3625DB249
                                                                      SHA1:6DEAC38D841FA7A14E1ACFAF87AE5EAF920A264E
                                                                      SHA-256:3FD57CCF42E776D8B3DF8CE506C4E4507D4F4FC7E50E98EEC5E8CE4B15DFF3C4
                                                                      SHA-512:CCFF9FD116E998D676D7A97FC073CDA8792F370F0A5C3B4480773ED9645ECA9D3FC6CA92F2347207471E6E35B255C022790482E1FEA3FEFD7CF016FE4C57B10C
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......'...........E......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8720
                                                                      Entropy (8bit):0.32756802934224966
                                                                      Encrypted:false
                                                                      SSDEEP:6:CA/J3+t76Y4QZZofU99pO0BY7VqR4EZY4QZvG5:zhHQws9LdJBQZG5
                                                                      MD5:85A1303CA9FC6ACBD9410C1B92CCA254
                                                                      SHA1:112F5E087D4DE7696743691BBD5375E83CFDC5CF
                                                                      SHA-256:EF3E64A16D0BF66F970F618DFBD9211B0FC29126891E1DE025D42D84E0AA18D7
                                                                      SHA-512:B0B9228381A4C4502C2F6A31E0FDF85756E0B8479C20E4CAF52BA2EFD75AD8EB4514F2E7BF779FDEB06D58C2969A76C95646D11AD28C95B3DF3BD5654730B52E
                                                                      Malicious:false
                                                                      Preview:.............o...'....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):28672
                                                                      Entropy (8bit):0.33890226319329847
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                      MD5:971F4C153D386AC7ED39363C31E854FC
                                                                      SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                      SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                      SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):406
                                                                      Entropy (8bit):5.194280940567418
                                                                      Encrypted:false
                                                                      SSDEEP:12:P2EuqvYfYeb8rcHEZrELFUt822X/+22F5JfYeb8rcHEZrEZSJ:eE1YfYeb8nZrExg89uXJfYeb8nZrEZe
                                                                      MD5:1D5A28DE897EF1F260F7D57F89DF9B03
                                                                      SHA1:C6C68AA170AD95A513A50D1C65C9F7C82F03A1F2
                                                                      SHA-256:D8F1715FD76CC7878585866798C38797B10FB7C32F7729BBD4D41C59A9434485
                                                                      SHA-512:C44FCA3DC4B434C948224B53A78D9D07C2402E28E57B0D7F4C6A24CD1AD7B8C889DB28DFB56AB6B483DD43F18D3AD57E79B9195675BE4C008C8348DBB6D1C168
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:02.129 1d20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-22:29:02.130 1d20 Recovering log #3.2024/09/05-22:29:02.130 1d20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):334
                                                                      Entropy (8bit):5.114699216064342
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XuspM+q2Pwkn23oH+Tcwt8a2jMGIFUt822XosmZmw+22XbnMVkwOwkn23oH+Tg:P2+si+vYfYeb8EFUt822bm/+22LMV5Jg
                                                                      MD5:87FFA12B999615738EEFEB558DE4F4C0
                                                                      SHA1:742D8425F435FEE7F832E8B95E4E38010A2B80D0
                                                                      SHA-256:ECE8BB78E80930BF9A264B52F255FE771720276C7189EE7718207916528EBF94
                                                                      SHA-512:B2A839598075D72E98568CC376F676278408C64925640F7966DB6BA1505F5AF8F1037E9AC3351D67D7FD237C82C0F5DCB6CC76F9C36A9A82F63A626A59FBF36A
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.950 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-22:29:00.956 1e1c Recovering log #3.2024/09/05-22:29:00.961 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):57344
                                                                      Entropy (8bit):0.863060653641558
                                                                      Encrypted:false
                                                                      SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                      MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                      SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                      SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                      SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):45056
                                                                      Entropy (8bit):0.40293591932113104
                                                                      Encrypted:false
                                                                      SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                      MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                      SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                      SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                      SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2271
                                                                      Entropy (8bit):5.266407202115042
                                                                      Encrypted:false
                                                                      SSDEEP:48:YXs28s1FfcdshC5sKgsPrszgnsYW+H/siYsJ+HpWCbZ:uJF9yHuEW4rp4pP1
                                                                      MD5:80E0727C010A750B05DAD470DD7A941D
                                                                      SHA1:D1B7DA85B578A2DC1A02154B31ACEB3A97096439
                                                                      SHA-256:E217A2DA6B21F9720EB7ECBDE8DF372194F014DE901CE7CC95A7C2F563E4709A
                                                                      SHA-512:14B58A406352A5B199C0ADBDFF6517EEF156B38F9C507A32FA1DB10182E7AB3E716A7E7E58F70BE7A1FE3E9EDEFAB041FA734FD98CC5AFF07C14EB4ECE99ED07
                                                                      Malicious:false
                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372655343238621","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372655344576992","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370156945345476","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372655345504258","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpn
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):111
                                                                      Entropy (8bit):4.718418993774295
                                                                      Encrypted:false
                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                      MD5:285252A2F6327D41EAB203DC2F402C67
                                                                      SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                      SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                      SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                      Malicious:false
                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):40
                                                                      Entropy (8bit):4.1275671571169275
                                                                      Encrypted:false
                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                      Malicious:false
                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):1.0787617840777464
                                                                      Encrypted:false
                                                                      SSDEEP:48:T2dKLopF+SawLUO1Xj8BmtXGq6FR2cNC07OFyPr:ige+Aum4acNXlr
                                                                      MD5:14179682A01883DFFE3D76C0433B55C3
                                                                      SHA1:AC36275FE6200E870D4B195309D596E3F2BC600B
                                                                      SHA-256:3E80B6B47E6DC69B17E9794874BC984FC4958E379E4C0FFA52DC466426E47E25
                                                                      SHA-512:09C449280FA13A0BB5D279D3319F2C69C6C8C433573022BEBE5675C7A58589E77D8D1B2B766D805F620CF179441ADCD039D9FB48EE3F59E40DAC0C2A6CE99798
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):61
                                                                      Entropy (8bit):3.926136109079379
                                                                      Encrypted:false
                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                      MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                      SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                      SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                      SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                      Malicious:false
                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                      Category:dropped
                                                                      Size (bytes):36864
                                                                      Entropy (8bit):1.3281835601172758
                                                                      Encrypted:false
                                                                      SSDEEP:96:uIEumQv8m1ccnvS6uDo2dQF2YQ9UZX18rRVkI:uIEumQv8m1ccnvS63282rUZXSd
                                                                      MD5:95C5BB6DF56826357FE498401AE6E36E
                                                                      SHA1:12B07EE973A6F4552D5B71C3F481A9C873F4B3FF
                                                                      SHA-256:973BC2EF1990ECCA56217B4C6166F32018EBC13B7CEB3FCFAABD13DE39AEF690
                                                                      SHA-512:99D6BFC6724E4C28FC59EF01C8B09414FB443FB70621765892F51F121E2C4E4FBBF08AA14B2AA64372A9945814A3AA37B7731514A19249E65070A4C4FDBBAA5B
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):40
                                                                      Entropy (8bit):4.1275671571169275
                                                                      Encrypted:false
                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                      Malicious:false
                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):203
                                                                      Entropy (8bit):5.4042796420747425
                                                                      Encrypted:false
                                                                      SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                      MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                      SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                      SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                      SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                      Malicious:false
                                                                      Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):36864
                                                                      Entropy (8bit):0.36515621748816035
                                                                      Encrypted:false
                                                                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):355
                                                                      Entropy (8bit):5.446948398174112
                                                                      Encrypted:false
                                                                      SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcdgrWTBv31dB8wXwlmUUAnIMp5KA85/:YWyX5Sg9vt+UAnIQcmWTR7N+UAnIlx0Q
                                                                      MD5:25A43071075586CCECAA8B4EF834A1C6
                                                                      SHA1:9D5825BA0D23781DAF7B873FCCA565F44D2D28A8
                                                                      SHA-256:E439E8D74CF9445F660252039DB74B38F54E5683650810EC4CB4EC1401EE307F
                                                                      SHA-512:7A8656D8C11DF08C64C8C23162F639BAE15BE4C0571B5E6A63845B22C264586184B5B9E29DA41219AAD80434BD2041A21E6F564B0ABC0AFAFF63053905B5EB11
                                                                      Malicious:false
                                                                      Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757125751.567567,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725589751.567571}],"version":2}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):354
                                                                      Entropy (8bit):5.473882841398997
                                                                      Encrypted:false
                                                                      SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcdhBv31dB8wXwlmUUAnIMp51K5SQ:YWyX5Sg9vt+UAnIQc3R7N+UAnIkK0Q
                                                                      MD5:F4FA29379DD3B9D62D992BDFCC8776B3
                                                                      SHA1:A75F715E643862A8AD7A79777C17786A7DAD2435
                                                                      SHA-256:AF23F31D1C129E451DAD934163001B27A5705A1288449D3E6E55B9FBAD32800F
                                                                      SHA-512:C520480C6E4A39A4BE6C42D3B8EB451F7401896F1A730E582931BED8BC2880A2D06879D84087E88012532ABE577FEBB737E2B59DD085984EA5AB1B98A6BB67A5
                                                                      Malicious:false
                                                                      Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757125813.047606,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725589813.04761}],"version":2}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):0.5744102022039023
                                                                      Encrypted:false
                                                                      SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                                      MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                                      SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                                      SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                                      SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):9701
                                                                      Entropy (8bit):4.94418533476496
                                                                      Encrypted:false
                                                                      SSDEEP:192:sVLkd5JX2HaYs3T8cpj+FmYQA/sCf+S1f:sVLCJX2H8pUzQ6sCfP
                                                                      MD5:AA42DB36AEA2DEB02BD95FF0137F5977
                                                                      SHA1:0FD5EE684C174F478E98E30E55A2931F7F4E1126
                                                                      SHA-256:7E904628D3CA10E6F4DDC2327C800D446D208681F7A0B56C7D887DBF4F6D6102
                                                                      SHA-512:E26B46556AA5BBDF35D650220C4303E99F1F8681C67CE56F85346AE1807267BCA6C2517F9E73B3499F1DA3F19B2A92DA312B383BA62AF2179D58C8D625DDC1F2
                                                                      Malicious:false
                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370063340709362","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):33
                                                                      Entropy (8bit):4.051821770808046
                                                                      Encrypted:false
                                                                      SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                      MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                      SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                      SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                      SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                      Malicious:false
                                                                      Preview:{"preferred_apps":[],"version":1}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):25012
                                                                      Entropy (8bit):5.567486763583056
                                                                      Encrypted:false
                                                                      SSDEEP:768:u9jZsSWPwWfuZ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVmX2JErwsLpHtuM:u9jZsSWPwWfuZu1jaPGJdQtv
                                                                      MD5:7CCCE1B3EB3CEE891B61C4E114E83A0F
                                                                      SHA1:76146F51E006C00ED94ACD78C567391F88F473D8
                                                                      SHA-256:DB6286DA4B1591346A427853041599AE1F7B1F7D84A61B530C5FB5ECFF26AFCB
                                                                      SHA-512:661EC1E70C7C5DFB106B110517817545FDF8BDA58D82012D9DE596735BDC1A23FC33A18E1E1A9DE37AB5ABDBEFFB61C7825065CDF5D24E05F463522DBDF51D9C
                                                                      Malicious:false
                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370063339472998","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370063339472998","location":5,"ma
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):364
                                                                      Entropy (8bit):4.0376743154328
                                                                      Encrypted:false
                                                                      SSDEEP:6:S85aEFljljljljljljlaH/laDigTD/GTmw+CA5EEE:S+a8ljljljljljljlafUh6B+CA
                                                                      MD5:7AC7F493F4E5B712AD28C36A14CD5A82
                                                                      SHA1:B4A93DFCEEB7561924C986AE63DCF90442772F9D
                                                                      SHA-256:F204F17445006AA7DE5A672387042D0267F26B0AC33C519BF288AC8FF4338A51
                                                                      SHA-512:9D392D4F5B40529E4E8B44F5BD9912D56BA04B5CE5D542D9A163D17EE99845E583E79062D63666FE787543588F58DB1ED676A8569A32AFF131F8BFAD43565C04
                                                                      Malicious:false
                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f...................j................next-map-id.1.Knamespace-a7fbd9a7_96f7_42f2_ac5c_528ffe8d9a34-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):322
                                                                      Entropy (8bit):5.1140035019426024
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XXM+q2Pwkn23oH+TcwtrQMxIFUt822XNZmw+22XbMVkwOwkn23oH+TcwtrQMFd:P2s+vYfYebCFUt822d/+224V5JfYebtJ
                                                                      MD5:D4C4E3A6820C599920F21AD28394CFA7
                                                                      SHA1:FCE6B4FC9F5CE6E8B1FED88A33B8848B3753836E
                                                                      SHA-256:97D8E4ECF048D273BC3D3EA54E8FF71C719459FFFDEE0BF9C97E8B412DE34B25
                                                                      SHA-512:A32F9826F28497897D78F5A25B77252F3B04FCFBB2AC0D561D5C7DAE3C5B17D73B47750F76784FE622BE95B6ACC275D04695E8D4519A3865E2CB41E60B1BDD3B
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.983 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-22:29:00.984 1e1c Recovering log #3.2024/09/05-22:29:00.987 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):322
                                                                      Entropy (8bit):5.1140035019426024
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XXM+q2Pwkn23oH+TcwtrQMxIFUt822XNZmw+22XbMVkwOwkn23oH+TcwtrQMFd:P2s+vYfYebCFUt822d/+224V5JfYebtJ
                                                                      MD5:D4C4E3A6820C599920F21AD28394CFA7
                                                                      SHA1:FCE6B4FC9F5CE6E8B1FED88A33B8848B3753836E
                                                                      SHA-256:97D8E4ECF048D273BC3D3EA54E8FF71C719459FFFDEE0BF9C97E8B412DE34B25
                                                                      SHA-512:A32F9826F28497897D78F5A25B77252F3B04FCFBB2AC0D561D5C7DAE3C5B17D73B47750F76784FE622BE95B6ACC275D04695E8D4519A3865E2CB41E60B1BDD3B
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.983 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-22:29:00.984 1e1c Recovering log #3.2024/09/05-22:29:00.987 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):9188
                                                                      Entropy (8bit):4.0529685127079045
                                                                      Encrypted:false
                                                                      SSDEEP:192:3lkB3Po7Y7A9r3Po7YtAgU3Po7YnepePN3Po7YfG:wsY7AdsYtA3sYeGsYO
                                                                      MD5:C423BA9A97792DCD9C9F812B9B3F5493
                                                                      SHA1:44D29D86E3994A7615D0A8D760F19273FD41AC92
                                                                      SHA-256:87E78989E6A61A9AF61E5A1EA4D6FE35E48888264FA9EE621DFB0D1E421F8354
                                                                      SHA-512:E28FD109AE8C595A241259EA0C5B41A3032C7B90880AF004D409E602BE7023E97B82D56725775358FB47831CFD5280EA3F6D99FAF22FD7A69F911C7F4D2A5774
                                                                      Malicious:false
                                                                      Preview:SNSS........1.3............1.3......".1.3............1.3........1.3........1.3........1.3....!...1.3................................1.3.1.31..,....1.3$...a7fbd9a7_96f7_42f2_ac5c_528ffe8d9a34....1.3........1.3...............1.3....1.3........................1.3....................5..0....1.3&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}......1.3...........1.3........................1.3............1.3....;...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3rT3ru3jTRKbk0vplgf4mlCUhqOlR9kjvKxynShvM2TGTOD30HnCZ6eQTQSAniKOTXH0hn_&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S187947718%3A1725589745033549&ddm=0.............!.......................................................................................................({.+j!..){.+j!..H.......`...............X.......................................................~...;...h.t.t.p.s.:././.a.c.c.o.u.n.t.s...g.o.o.g.l.e...c.o.m./.v
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):0.44194574462308833
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):350
                                                                      Entropy (8bit):5.168830420588738
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XgFN+q2Pwkn23oH+Tcwt7Uh2ghZIFUt822XNHmZmw+22XnNVkwOwkn23oH+Tcz:P2QN+vYfYebIhHh2FUt822lm/+22dV5K
                                                                      MD5:1F1A8CFCDBD0DF81B4FE2B15946C893D
                                                                      SHA1:93389D12AAAB82BCD9CE8D1E3708FD7235A93C65
                                                                      SHA-256:CC85DD32E44285399F977203111D70B5B90B7FB1EBB2AEE3C998A2016374EAA5
                                                                      SHA-512:96052C4F386483D9F13F344804EECC9C3B5FDA79BBFEBC4BE70194F4EE99955ADD494CDCE5C901EC8CDBDA8B2D2F1C582B28FB3487DF87232BF68AA06442EE70
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:28:59.933 10bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-22:28:59.937 10bc Recovering log #3.2024/09/05-22:28:59.938 10bc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):350
                                                                      Entropy (8bit):5.168830420588738
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XgFN+q2Pwkn23oH+Tcwt7Uh2ghZIFUt822XNHmZmw+22XnNVkwOwkn23oH+Tcz:P2QN+vYfYebIhHh2FUt822lm/+22dV5K
                                                                      MD5:1F1A8CFCDBD0DF81B4FE2B15946C893D
                                                                      SHA1:93389D12AAAB82BCD9CE8D1E3708FD7235A93C65
                                                                      SHA-256:CC85DD32E44285399F977203111D70B5B90B7FB1EBB2AEE3C998A2016374EAA5
                                                                      SHA-512:96052C4F386483D9F13F344804EECC9C3B5FDA79BBFEBC4BE70194F4EE99955ADD494CDCE5C901EC8CDBDA8B2D2F1C582B28FB3487DF87232BF68AA06442EE70
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:28:59.933 10bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-22:28:59.937 10bc Recovering log #3.2024/09/05-22:28:59.938 10bc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.01057775872642915
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsFl:/F
                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):270336
                                                                      Entropy (8bit):8.280239615765425E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.011852361981932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsHlDll:/H
                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.012340643231932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsGl3ll:/y
                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):524656
                                                                      Entropy (8bit):4.6377872329235307E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:LsulBX:Ls8
                                                                      MD5:AE95A8915E3E3D987E529859A80160F2
                                                                      SHA1:383AD366C1279FEC76B5BDD4E27CF0FCA39E1F2E
                                                                      SHA-256:1B3256CED0042752D11CB45A49C3E4111AD246D391DF847D1A3167783FD314AA
                                                                      SHA-512:44DAF8369FCA3D8538643F8F5A443B6C9D5685A664DC09B6F714AE88349E5A185E3FE52E3626F1E636D081BDE890EBA0054094C7295D3F8181B8772AAB8AE2C8
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.01057775872642915
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsFl:/F
                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):270336
                                                                      Entropy (8bit):0.0012471779557650352
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.011852361981932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsHlDll:/H
                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.012340643231932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsGl3ll:/y
                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):262512
                                                                      Entropy (8bit):8.81240594570408E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:LsNl7t:Ls3J
                                                                      MD5:E05428D76D895ED9917DC83D1B65AE2E
                                                                      SHA1:FE72A989FC323DCB41906783A21E524F0BBA9B89
                                                                      SHA-256:5413D8CE759BEFF69AF8E1CBBCAED95E249A362D86B4C611A7CE2FB871AF47A3
                                                                      SHA-512:78B4D37C1087FC0B1B3577A327ADA23B077D38BE7D9AEA0D14A33C9597DD2675AA24CF307B5316BC3575F9A2EC119A74D47428D03D0663EC566EBB3B5B882E35
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):270336
                                                                      Entropy (8bit):0.0012471779557650352
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):432
                                                                      Entropy (8bit):5.207387402142878
                                                                      Encrypted:false
                                                                      SSDEEP:12:P2H+vYfYebvqBQFUt822e/+226FqiV5JfYebvqBvJ:e8YfYebvZg8996sEJfYebvk
                                                                      MD5:FE2C58056077E51192673295BC05607F
                                                                      SHA1:38DDE4FEF7B3CF577A5EB2D9D4E99581810163AE
                                                                      SHA-256:9376BD271ABD04E9806A030E30CB713A103DC7FA18DA41FC58838148748C995E
                                                                      SHA-512:B0B461A01EF5BFFD55FB150EFFF45AC836D968212E521FA0A3130BDCF11A4D093D10BF84D04914FD9F6E57911AA7E5C38B956192736BD4DF39EB1593AF7E8FDB
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.995 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-22:29:00.996 1e1c Recovering log #3.2024/09/05-22:29:00.998 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):432
                                                                      Entropy (8bit):5.207387402142878
                                                                      Encrypted:false
                                                                      SSDEEP:12:P2H+vYfYebvqBQFUt822e/+226FqiV5JfYebvqBvJ:e8YfYebvZg8996sEJfYebvk
                                                                      MD5:FE2C58056077E51192673295BC05607F
                                                                      SHA1:38DDE4FEF7B3CF577A5EB2D9D4E99581810163AE
                                                                      SHA-256:9376BD271ABD04E9806A030E30CB713A103DC7FA18DA41FC58838148748C995E
                                                                      SHA-512:B0B461A01EF5BFFD55FB150EFFF45AC836D968212E521FA0A3130BDCF11A4D093D10BF84D04914FD9F6E57911AA7E5C38B956192736BD4DF39EB1593AF7E8FDB
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.995 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-22:29:00.996 1e1c Recovering log #3.2024/09/05-22:29:00.998 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):111
                                                                      Entropy (8bit):4.718418993774295
                                                                      Encrypted:false
                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                      MD5:285252A2F6327D41EAB203DC2F402C67
                                                                      SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                      SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                      SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                      Malicious:false
                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):40
                                                                      Entropy (8bit):4.1275671571169275
                                                                      Encrypted:false
                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                      Malicious:false
                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):193
                                                                      Entropy (8bit):4.864047146590611
                                                                      Encrypted:false
                                                                      SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                      MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                      SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                      SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                      SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                      Malicious:false
                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):193
                                                                      Entropy (8bit):4.864047146590611
                                                                      Encrypted:false
                                                                      SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                      MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                      SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                      SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                      SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                      Malicious:false
                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                      Category:dropped
                                                                      Size (bytes):36864
                                                                      Entropy (8bit):0.555790634850688
                                                                      Encrypted:false
                                                                      SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                      MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                      SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                      SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                      SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):40
                                                                      Entropy (8bit):4.1275671571169275
                                                                      Encrypted:false
                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                      Malicious:false
                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):36864
                                                                      Entropy (8bit):0.36515621748816035
                                                                      Encrypted:false
                                                                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2
                                                                      Entropy (8bit):1.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:H:H
                                                                      MD5:D751713988987E9331980363E24189CE
                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                      Malicious:false
                                                                      Preview:[]
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):80
                                                                      Entropy (8bit):3.4921535629071894
                                                                      Encrypted:false
                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                      Malicious:false
                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):420
                                                                      Entropy (8bit):5.253695973387521
                                                                      Encrypted:false
                                                                      SSDEEP:12:P2T+vYfYebvqBZFUt822tA//+22xiV5JfYebvqBaJ:eQYfYebvyg89tXxEJfYebvL
                                                                      MD5:5E6985295787BB3B1EA628F88C6A0293
                                                                      SHA1:D4B3C34E4FF493BB7E1C77DA6DF9F39B9898B107
                                                                      SHA-256:54023456ED98BF0F73EAFDCD7E97C9D345232C4B8023E3DC51693F643D12C2FF
                                                                      SHA-512:678F020CAA84FFA709BF82AB80F357BEB269BEFDEE77DD9C3986C815191623F14F6E40C7CC8F5046B080B6367ED88F9A4781239900E7A6D007601448414E9EAC
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:16.947 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-22:29:16.948 1e1c Recovering log #3.2024/09/05-22:29:16.951 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):326
                                                                      Entropy (8bit):5.214767624410007
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XtpM+q2Pwkn23oH+TcwtpIFUt822XiZmw+22XtMVkwOwkn23oH+Tcwta/WLJ:P2jM+vYfYebmFUt822S/+229MV5JfYev
                                                                      MD5:D628AF95EDB3279BBB3A698971B531F0
                                                                      SHA1:0CBDF96DC73A11CF1414E72780CACABD550B6EBA
                                                                      SHA-256:F9FC89FB53C9C0991637E5D89E055D84F712CBF33D3AC544323ED482E54B3452
                                                                      SHA-512:C4629590E98B05777847027D1098994F133112EE7535EDFD64707777DAF20F884B7E3B37C5E55F833BE3B1E7CB6F129BBDE43496336677F5683B3AC241FE3008
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:28:59.949 138c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-22:28:59.950 138c Recovering log #3.2024/09/05-22:28:59.950 138c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):28672
                                                                      Entropy (8bit):0.26707851465859517
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                      MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                      SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                      SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                      SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.......j.j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):131072
                                                                      Entropy (8bit):0.005567161523650777
                                                                      Encrypted:false
                                                                      SSDEEP:3:ImtVx//l/9hltXlPyE/loOdK/ll:IiVt/BXYEto//
                                                                      MD5:84D92AB21D7B2EA48FAE086AF7F81EB1
                                                                      SHA1:881907A584CDBE9C067EFD4338D04FA052831A3B
                                                                      SHA-256:565FC73B243E7D102D85FEE3B2DDF071C8A17295877AEBF40492C137925D61E0
                                                                      SHA-512:80CA390A3A83B5C211D15C6C99B4F613B2DE913ADF13E3BA97A4408C1D2A342AB028C1DEC0F4B63D8B845D760F184F95C79BBD69619651C13DDC92288CB0DFE1
                                                                      Malicious:false
                                                                      Preview:VLnk.....?.........u.6Q.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                      Category:dropped
                                                                      Size (bytes):184320
                                                                      Entropy (8bit):1.0664168748262308
                                                                      Encrypted:false
                                                                      SSDEEP:192:QSqzWMMUfTMQnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYnX6n6:QrzWMffQQnzkkqtXnTK+hNH+5EVumN
                                                                      MD5:C7156295BF9D08DE4EFA103C9574626F
                                                                      SHA1:27AAE2BF9EAEB6CDAE2E6DDB84B145227ADB88D7
                                                                      SHA-256:74E6F2D4B9AB606BF477BD0D290BC7D70072A0878CF7D59E052976FD86D718F0
                                                                      SHA-512:CC12047AA0FB9523450F9D060C5CC2C3EDE2E95BB5DEC90DDE38260D70C346EAB369FB1EEC0A76C6A672AD66D584740A1670F6002C607E61812B508CC1EF70A6
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......Y...........f......................................................j............O........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                      Category:dropped
                                                                      Size (bytes):14336
                                                                      Entropy (8bit):1.4124665235766798
                                                                      Encrypted:false
                                                                      SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgDC2Rypc9c+zh2Rypc7xj/:PtSjGhp22iSIdS1F
                                                                      MD5:336AB7846445017C73D9AD24BC12C99E
                                                                      SHA1:97A45D3C496B99FD6B2C090CE2D289FC5A2C685F
                                                                      SHA-256:7F1B7219EFFA0F9546054744B8CE48AB7255EA5A33833F7B672B785FB8253849
                                                                      SHA-512:4713DF5BA44CAE7D4A6141AF8E607BA092E297775DF0D118F40A356238269438380CC40B350F705B645C60596691091BB56570D9423366ED7DE5844E292F41F1
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):40960
                                                                      Entropy (8bit):0.41235120905181716
                                                                      Encrypted:false
                                                                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                      MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                      SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                      SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                      SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):11755
                                                                      Entropy (8bit):5.190465908239046
                                                                      Encrypted:false
                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                      Malicious:false
                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):10988
                                                                      Entropy (8bit):5.16490304600644
                                                                      Encrypted:false
                                                                      SSDEEP:192:sVLkd5JX2Hm4lIA6RYs318cpj+FmYQAFsCf+S1f:sVLCJX2HdItpUzQIsCfP
                                                                      MD5:3FB6C611A81F4D9D415E2D6DAAB3C8CD
                                                                      SHA1:56777A54C8380E78A41FBF6F4F25821B832915A3
                                                                      SHA-256:5F5A7600C01767B4A19E3CC3D17281EE9D31DDF14E9832D4E73B4B58F2AFC227
                                                                      SHA-512:7A1E7C8E1F53146E9F075F52492171DC4170A32AAFA9FFEB8B0D4044E317F550D1CFC31C7986AC0FB171E4DC09B806BAE1BA78F203F74DA1AABD8A10AAD1FACF
                                                                      Malicious:false
                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370063340709362","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):28672
                                                                      Entropy (8bit):0.3410017321959524
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):25012
                                                                      Entropy (8bit):5.567486763583056
                                                                      Encrypted:false
                                                                      SSDEEP:768:u9jZsSWPwWfuZ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVmX2JErwsLpHtuM:u9jZsSWPwWfuZu1jaPGJdQtv
                                                                      MD5:7CCCE1B3EB3CEE891B61C4E114E83A0F
                                                                      SHA1:76146F51E006C00ED94ACD78C567391F88F473D8
                                                                      SHA-256:DB6286DA4B1591346A427853041599AE1F7B1F7D84A61B530C5FB5ECFF26AFCB
                                                                      SHA-512:661EC1E70C7C5DFB106B110517817545FDF8BDA58D82012D9DE596735BDC1A23FC33A18E1E1A9DE37AB5ABDBEFFB61C7825065CDF5D24E05F463522DBDF51D9C
                                                                      Malicious:false
                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370063339472998","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370063339472998","location":5,"ma
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:very short file (no magic)
                                                                      Category:dropped
                                                                      Size (bytes):1
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:L:L
                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                      Malicious:false
                                                                      Preview:.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):11098
                                                                      Entropy (8bit):5.163922477154682
                                                                      Encrypted:false
                                                                      SSDEEP:192:sVLkd5JX2Hm4lIA6RYs318cpj+FmYQA4UCf+S1f:sVLCJX2HdItpUzQVUCfP
                                                                      MD5:9545BAF1DE6BFF7F043B3AA9DD822A60
                                                                      SHA1:1CC2AD8A032ECB947E98C0613C3BC13F825159A9
                                                                      SHA-256:895DBF0CA4141C01BE3504CFDA5BD9061565C38CCB3502317CE5A0301048A8CE
                                                                      SHA-512:27A64D585C18F94B6CA177C8616354F4AA5A4F3DCEC0982DFFB0E155753313D90E276890CC99EA3D2D8935C5134169E652D1D89CF4DD34DA10D600AE58F9D1ED
                                                                      Malicious:false
                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370063340709362","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):16384
                                                                      Entropy (8bit):0.35226517389931394
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                      MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                      SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                      SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                      SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.0964175483113141
                                                                      Encrypted:false
                                                                      SSDEEP:6:G9l/QFhMl/QFhZ9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/u:CtQbMtQbjFnnnnnnnnnnnnnnpEo
                                                                      MD5:D3C5BD81B943D3B3E4E3A90D7571BBBC
                                                                      SHA1:594E2A7738910985540D7268D6A54D3438B585A6
                                                                      SHA-256:FD042C5BB4602FF16812CDDB2AAAD1D29A4E6A1E7C33B65B996F402C7F05567D
                                                                      SHA-512:479B7FA53FD5E1BDF710EED02E42BE7E015BD9AE1F3C05754286EE47959CC06FD18B535AC704B17046C45F37E9BE898E787762DB5185FDB5AC726C54E181A7EC
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                      Category:dropped
                                                                      Size (bytes):296672
                                                                      Entropy (8bit):1.0011843629720292
                                                                      Encrypted:false
                                                                      SSDEEP:384:XjFd8eXFmFvFBJF0JF9JF+JF1JFdJFKJFyJF0XJF5nUJF7:Xp/0tFKxUpRwYC5q7
                                                                      MD5:4A59DEE71C2A935BA31EC4D64B1AE66D
                                                                      SHA1:99E5CB703D29227883F54D93BDDAE2B80B4E6BE7
                                                                      SHA-256:1EB4363D5B6B3750DB0A9D30F041D86E83DF423400C654A24ECE6680E443CBB6
                                                                      SHA-512:FD72EB1A094B9CC23C6BFD9364C76A8D4543D98FA7B142095491BBFA3C0A76C4CF77F001E349825B71448C1CB806C6872134C99F67C5EDE176117F4F57C73F9B
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:modified
                                                                      Size (bytes):250
                                                                      Entropy (8bit):3.681980121667722
                                                                      Encrypted:false
                                                                      SSDEEP:3:VVXntjQPEnjQCWVlkmtl3seGKT9rcQ6x4UNgEOtlTxotlTxotlTxotlTxotlTxoO:/XntM+xWPFl3sedhOZdOuuuuuu
                                                                      MD5:47E0EFA0D1F241B3DCAA7D3A0B290B81
                                                                      SHA1:B69C008681ED1A8320255C387239659681CD3168
                                                                      SHA-256:4913B21973817B3504E09B769850628A63CD8E2D43A52A16907D6B8C7A36CD12
                                                                      SHA-512:BE69A59925C43C3A3DFBA49B343DD3885BB720D700ABB967CAD505E57A06A57D619E47FA143427BCBE1B95921CB378FE358E7CDD097F8511165FEDF81C5EEF4D
                                                                      Malicious:false
                                                                      Preview:A..r.................20_1_1...1.,U.................20_1_1...1....0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):281
                                                                      Entropy (8bit):5.195319457199925
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2XW+M1wkn23oH+Tcwtfrl2KLll2X5HMNSVq2Pwkn23oH+TcwtfrK+IFUv:P2G+rfYeb1Ln2JHMNOvYfYeb23FUv
                                                                      MD5:566415811E7C3C87DB3F2022E448072A
                                                                      SHA1:C47539390E09CA8379EC54E7719CC15244AF13BC
                                                                      SHA-256:DA054AB2C9B84E315F98968814F55B4C3A917471D097A493789D33001F940061
                                                                      SHA-512:3204AB67EE4981E37B36984D7F620F19DBBA9A51A09A968D6E3FA29388D5283FB601789C4840C6C276BAABA22ADEFEB52EA8A37A738E5BA6DFD68D88A3FC3EBD
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.757 10f4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/05-22:29:01.028 10f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):617
                                                                      Entropy (8bit):3.9357594062751415
                                                                      Encrypted:false
                                                                      SSDEEP:12:G0nYUtegetU3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUteu3RUovhC+lvBOL0
                                                                      MD5:F92B1772933BEFBDD45935AF16DF0BB6
                                                                      SHA1:234A775CD7ABD7D5E8C5001D713840C70EA72DE5
                                                                      SHA-256:06F489DF91A06096A4BD4C2D0C8E321AD982F1147C4C0033FE90B8A2A3D252F0
                                                                      SHA-512:58FD0B7654A12FBC7AB05A71C363B441F6170A904C3DACDC591C700D8C354995215BC5B289B3572A65C159D4BD85810028F4624F636057CD4E9497094E5DB6E5
                                                                      Malicious:false
                                                                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_......-.t.................21_......'..................33_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):16
                                                                      Entropy (8bit):3.2743974703476995
                                                                      Encrypted:false
                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                      Malicious:false
                                                                      Preview:MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):299
                                                                      Entropy (8bit):5.162929160936172
                                                                      Encrypted:false
                                                                      SSDEEP:6:P2X+DSM1wkn23oH+Tcwtfrzs52KLll2XoVVq2Pwkn23oH+TcwtfrzAdIFUv:P2MSrfYebs9Ln28vYfYeb9FUv
                                                                      MD5:2C0D29B5B088515608A8CCD824CD30BE
                                                                      SHA1:3766DEE353390764E0125A8F1EA45AE801EB1285
                                                                      SHA-256:D5C89296B837F46F7630E87657FE6CC10EA9A1E5C1095201D6FCEE6BA1F5FF62
                                                                      SHA-512:26394996D763AA96E771F5100EAAA8C67F3B946535E538FC08A05B97E8DB9F1407AAD3E096A28DD47630D90559E0AB9424B1093AF9CA10B4E481CB327D6BE9FE
                                                                      Malicious:false
                                                                      Preview:2024/09/05-22:29:00.735 10f4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/05-22:29:00.754 10f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:OpenPGP Secret Key
                                                                      Category:dropped
                                                                      Size (bytes):41
                                                                      Entropy (8bit):4.704993772857998
                                                                      Encrypted:false
                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                      Malicious:false
                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.01057775872642915
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsFl:/F
                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):270336
                                                                      Entropy (8bit):8.280239615765425E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                      Malicious:false
                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.011852361981932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsHlDll:/H
                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                      Malicious:false
                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.012340643231932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsGl3ll:/y
                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                      Malicious:false
                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):262512
                                                                      Entropy (8bit):8.81240594570408E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:LsNlPK/t:Ls3y1
                                                                      MD5:347185B0466D6693C8CBAB8005DE22BE
                                                                      SHA1:BAA84E46680000FAF7C2D482A9296D5CA056D5D1
                                                                      SHA-256:A9037EAC09F5CB6C23E65AC492B0D7558C19A4DF72B07CE8BB56A32A5DCB153B
                                                                      SHA-512:FDFF7626C4449F2A229E2A64780F0D3C3D0CC7B8480AA1796DDBE74F8D104A8FBE99DF2E2566A4793C59816F7B65ED1FDC685966FDBA827CDA8354405C6082D9
                                                                      Malicious:false
                                                                      Preview:........................................4 .t../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.01057775872642915
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsFl:/F
                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                      Malicious:false
                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):262512
                                                                      Entropy (8bit):8.81240594570408E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:LsNlct:Ls30
                                                                      MD5:9894F5DE6BEBF3531CAAF69DC298D49A
                                                                      SHA1:C4D4358189F78FF229AFECBBEFBDB0EA2C29AAF4
                                                                      SHA-256:10C4A570F4B0CE3B66D1DBE26558FF8704D845AC1A4B560A5B31612D535949A8
                                                                      SHA-512:FAA938DAB605342879181920EE49CD8D55E3C01896E0DDBAA6967C39EA54033CC8D2EB0BCFF87CF3656961948BC329279EC73C9CAAB1648B00D5CE808BB30F5D
                                                                      Malicious:false
                                                                      Preview:........................................z..t../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):120
                                                                      Entropy (8bit):3.32524464792714
                                                                      Encrypted:false
                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                      Malicious:false
                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):13
                                                                      Entropy (8bit):2.7192945256669794
                                                                      Encrypted:false
                                                                      SSDEEP:3:NYLFRQI:ap2I
                                                                      MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                      SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                      SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                      SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                      Malicious:false
                                                                      Preview:117.0.2045.47
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):6820
                                                                      Entropy (8bit):5.793353751483867
                                                                      Encrypted:false
                                                                      SSDEEP:96:iaqkHfkmhS5ih/cI9URLl8RotoyMFVvlwh0e4IbONIeTC6XQS0qGqk+Z4uj+rjEy:aksmhLeiRUxhE6qRAq1k8SPxVLZ7VTiq
                                                                      MD5:A514E49159AAE850D01A700B180774C5
                                                                      SHA1:91D0D6FBE61D84B026FD7FDA0D8202AA3B1E0182
                                                                      SHA-256:ED5366A99D44CAA4331CF1D2153CD9BC24D7331C7335E1B91040F70DDDE4D979
                                                                      SHA-512:7EB9162CC3DC6939A3826BB17202AD87034CAD0CF0CABC2BD640DFEC65C5384EC8151FB46A6D57E9430F39FD72640B5898E5871EB952708A3418E1D652BCC5BF
                                                                      Malicious:false
                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADcaPLWgmEtRr6ipqWLnyq+EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABJRRVYpHN/FB/cSVMMkFln8vWeKcYvQYDWlpouHEFo1QAAAAA
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):0.5963118027796015
                                                                      Encrypted:false
                                                                      SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                      MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                      SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                      SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                      SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.01057775872642915
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsFl:/F
                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):270336
                                                                      Entropy (8bit):8.280239615765425E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.011852361981932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsHlDll:/H
                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:modified
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.012340643231932763
                                                                      Encrypted:false
                                                                      SSDEEP:3:MsGl3ll:/y
                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                      Category:dropped
                                                                      Size (bytes):262512
                                                                      Entropy (8bit):8.81240594570408E-4
                                                                      Encrypted:false
                                                                      SSDEEP:3:LsNlH/u/:Ls3fu/
                                                                      MD5:42D8796BD4748013C09ADEFD5A6BB54A
                                                                      SHA1:872B6F9EDAB88DA0568FB9FB38428722AA1C2293
                                                                      SHA-256:19005B0504B893371E6C4FC9D11700750A1B6D470359FCC137FFF53EF9AD0158
                                                                      SHA-512:19CF551C11AD3A83600F8BC001CF6CA1009F988BDAFD5933240335CB4A80E44D7CD0F80EAA1F740F44209CE34C5F78B05837FA3675F26F337474772D4777925F
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):47
                                                                      Entropy (8bit):4.3818353308528755
                                                                      Encrypted:false
                                                                      SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                      MD5:48324111147DECC23AC222A361873FC5
                                                                      SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                      SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                      SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                      Malicious:false
                                                                      Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):35
                                                                      Entropy (8bit):4.014438730983427
                                                                      Encrypted:false
                                                                      SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                      MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                      SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                      SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                      SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                      Malicious:false
                                                                      Preview:{"forceServiceDetermination":false}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):29
                                                                      Entropy (8bit):3.922828737239167
                                                                      Encrypted:false
                                                                      SSDEEP:3:2NGw+K+:fwZ+
                                                                      MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                      SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                      SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                      SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                      Malicious:false
                                                                      Preview:customSynchronousLookupUris_0
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):35302
                                                                      Entropy (8bit):7.99333285466604
                                                                      Encrypted:true
                                                                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):18
                                                                      Entropy (8bit):3.5724312513221195
                                                                      Encrypted:false
                                                                      SSDEEP:3:kDnaV6bVon:kDYa2
                                                                      MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                      SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                      SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                      SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                      Malicious:false
                                                                      Preview:edgeSettings_2.0-0
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):3581
                                                                      Entropy (8bit):4.459693941095613
                                                                      Encrypted:false
                                                                      SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                      MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                      SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                      SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                      SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                      Malicious:false
                                                                      Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):47
                                                                      Entropy (8bit):4.493433469104717
                                                                      Encrypted:false
                                                                      SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                      MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                      SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                      SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                      SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                      Malicious:false
                                                                      Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):35302
                                                                      Entropy (8bit):7.99333285466604
                                                                      Encrypted:true
                                                                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):50
                                                                      Entropy (8bit):3.9904355005135823
                                                                      Encrypted:false
                                                                      SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                      MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                      SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                      SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                      SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                      Malicious:false
                                                                      Preview:topTraffic_170540185939602997400506234197983529371
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):575056
                                                                      Entropy (8bit):7.999649474060713
                                                                      Encrypted:true
                                                                      SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                      MD5:BE5D1A12C1644421F877787F8E76642D
                                                                      SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                      SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                      SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):86
                                                                      Entropy (8bit):4.389669793590032
                                                                      Encrypted:false
                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                      MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                      SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                      SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                      SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                      Malicious:false
                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):22924
                                                                      Entropy (8bit):6.046993366823012
                                                                      Encrypted:false
                                                                      SSDEEP:384:WtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhQgkQpeEySDTx5JkjrKyqOb:aMGQ7FCYXGIgtDAWtJ4n1+gppeEyS3xk
                                                                      MD5:99441E037E14CDC375C9775E8B02DD27
                                                                      SHA1:F7E1E71E9721118D064747C6F30E05B1E8100DAB
                                                                      SHA-256:5CA7C5967BA464B41CFD0185BEE72B95002715BF9CBF486720D1AA1BB31D8CEB
                                                                      SHA-512:40996D35D7D7CF76ECA5A1F1F2D56FA34FF3F43E7B889F16A6BE863DD9A3F3BF7850DC8D41942C736D162602D1E716596A15D7FDB9A2B743C91E7B350B2B618E
                                                                      Malicious:false
                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370063340889487","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):23966
                                                                      Entropy (8bit):6.0501563661271875
                                                                      Encrypted:false
                                                                      SSDEEP:384:WtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhQgkQErIDHEEQSDTx5JkjrKyqO6:aMGQ7FCYXGIgtDAWtJ4n1+gpEAHEEQSd
                                                                      MD5:B5F3B7C9560168DB13EF531C0B521B02
                                                                      SHA1:397C0B1F0E281BCE8FC8D11ED6DDAAFD84C84257
                                                                      SHA-256:FD43C503BC4FCBFC1B0FE6B9C85A86683FBB681B123A59AC9F60625A36595ACD
                                                                      SHA-512:F18F27E34775639D3989007CA9C3DFA3898C8D6F07C76D18219187A31DC3010293148D05503EC773EF0F9AC3E22A42BDF9D502A632632083F0244E3616CF2324
                                                                      Malicious:false
                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370063340889487","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):25052
                                                                      Entropy (8bit):6.0315483906541205
                                                                      Encrypted:false
                                                                      SSDEEP:768:aMGQ7FCYXGIgtDAWtJ4P1+gpAqiLMDU8eEyS3xXNq:aMGQ5XMBk1ZUMXNq
                                                                      MD5:A73FE8DF96A62E5D7A9633C811A2770C
                                                                      SHA1:B95DB334B98A2C471D9915C0DE3854E657416228
                                                                      SHA-256:B872D3C0816BA96D013ADCFB632DDD0A519D276C6A0BC34043FC557C81B73C4D
                                                                      SHA-512:E20E6F1728283FB117685E492BE2BB4A2CF7EDD1A7CAA09D049414058ACED6701E7F29BC496A1A0B2D6361400C175C5DF1C42EF1237B7C5C894481AA484AD7CA
                                                                      Malicious:false
                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370063340889487","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):2278
                                                                      Entropy (8bit):3.831681970442939
                                                                      Encrypted:false
                                                                      SSDEEP:48:uiTrlKxrgxVxl9Il8u8JEzSxyEXIMrb9YxEGaMAQzd1rc:mwYaE/UIMr549U
                                                                      MD5:22AD57FDCCC31ED486A8CE60891EE1E4
                                                                      SHA1:4156C4ED20941A721C980FBBE34CC71E19336FA5
                                                                      SHA-256:D3E1B09493AA7BFFF474F5EF31381E1C0D3455AB855AD55147B432382D7291C5
                                                                      SHA-512:9CB552FCBBFB965D6C802DB300F76C3742F4A3D01EB7168FCC57ED247D0489AAA5883131072F9A943838FD1156C622D513C5E49A436E774EF4DD2DFACA457064
                                                                      Malicious:false
                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.0.7.A.w.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.3.G.j.y.1.o.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):4622
                                                                      Entropy (8bit):3.9930271014018084
                                                                      Encrypted:false
                                                                      SSDEEP:48:uiTrlKxExOLxD9Il8u88I0Nql7oWDkorhy0eEZiBmEuQQQx03iMWmtu+UqUUAw68:aZYa8I0+a104YfyVmzUHUAjGz5JFh
                                                                      MD5:5ADDD40CF9399911AED118E2524E283B
                                                                      SHA1:60AC4B477782D0ABC2F1C5BF214A690D2F9CBDF7
                                                                      SHA-256:59D2A81CEE1BF38D05E87BCB2E7E19DBBE54FCD2E25BFC4D9FE29375F5991566
                                                                      SHA-512:4B3E92A0DF7366DFD3AD02FB726FA7AE4858A0A2F4BACC2C33A9FD6BFCB07A410C4E5F21B77F6076D3ECE040C3E582C865B50ED8495EE7185390F4E70C4960E0
                                                                      Malicious:false
                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".n.W.t.d.0.g.Q.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.3.G.j.y.1.o.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                      Category:dropped
                                                                      Size (bytes):206855
                                                                      Entropy (8bit):7.983996634657522
                                                                      Encrypted:false
                                                                      SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                      MD5:788DF0376CE061534448AA17288FEA95
                                                                      SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                      SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                      SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695599
                                                                      Category:dropped
                                                                      Size (bytes):530155
                                                                      Entropy (8bit):7.998052069279837
                                                                      Encrypted:true
                                                                      SSDEEP:12288:UfdcGDwmyu0bCD7gQ7zfAegwBbL1DjoUVMf+xVmY6ChWH1:UVAmx13vvBbxjoG2+xVmYbK
                                                                      MD5:94272B956CE605582036FBB1FD2C6F6B
                                                                      SHA1:BFA71C982C975EF81EA46F8F269D7157EEE3A45F
                                                                      SHA-256:56AA6D1F6B57EB76F4C69A82E364C126DAAFB2CF51DB21309B01ECEB56076266
                                                                      SHA-512:26754E48C97BB974D072A862BB1EE10626144598C7E35869F38884D208C0E30F95F07BAC9B0C882EA87FF77316B082228374405F518B387C006B8A42F5878FC7
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:very short file (no magic)
                                                                      Category:dropped
                                                                      Size (bytes):1
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:L:L
                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                      Malicious:false
                                                                      Preview:.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:very short file (no magic)
                                                                      Category:dropped
                                                                      Size (bytes):1
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3:L:L
                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                      Malicious:false
                                                                      Preview:.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:Google Chrome extension, version 3
                                                                      Category:dropped
                                                                      Size (bytes):11185
                                                                      Entropy (8bit):7.951995436832936
                                                                      Encrypted:false
                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                      Category:dropped
                                                                      Size (bytes):76319
                                                                      Entropy (8bit):7.996132588300074
                                                                      Encrypted:true
                                                                      SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                      MD5:24439F0E82F6A60E541FB2697F02043F
                                                                      SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                      SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                      SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):353
                                                                      Entropy (8bit):5.344344152055427
                                                                      Encrypted:false
                                                                      SSDEEP:6:YEb9zqvous9pL56s/ub9TPLi4QJjDrwv/ub9dZ+56s/C:Y2zUps9pL56s/0/i40Dkv/0S56s/C
                                                                      MD5:1DD46F067763F42410421857AB257B93
                                                                      SHA1:CDB17460CA118F389E8A9F1C8D669DD58B403BEA
                                                                      SHA-256:2657D2BE380B67D1123C6B9D846E4D7E76A2BC389BADDA1B7A6BA2A5FF730F78
                                                                      SHA-512:C9BC1EC9450F722685C16C52649D6D718754B5A4DB6A1D3CC2A208C45AED4D55993625361890B315F76A5796C6C540E6F38DBF91674F983DC95BD9087E8E96B3
                                                                      Malicious:false
                                                                      Preview:{"logTime": "0906/022907", "correlationVector":"4l+db9jfJjNAhYC0pww2bv","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0906/022907", "correlationVector":"3BB5F9D9D37A4F0D859998296AD215D0","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0906/022907", "correlationVector":"hTbIEGYFFur6PbAV4JOVir","action":"EXTENSION_UPDATER", "result":""}.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:Google Chrome extension, version 3
                                                                      Category:dropped
                                                                      Size (bytes):135751
                                                                      Entropy (8bit):7.804610863392373
                                                                      Encrypted:false
                                                                      SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                      MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                      SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                      SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                      SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                      Malicious:false
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.4593089050301797
                                                                      Encrypted:false
                                                                      SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                      MD5:D910AD167F0217587501FDCDB33CC544
                                                                      SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                      SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                      SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                      Malicious:false
                                                                      Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                      Category:dropped
                                                                      Size (bytes):4982
                                                                      Entropy (8bit):7.929761711048726
                                                                      Encrypted:false
                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):908
                                                                      Entropy (8bit):4.512512697156616
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1285
                                                                      Entropy (8bit):4.702209356847184
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1244
                                                                      Entropy (8bit):4.5533961615623735
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):977
                                                                      Entropy (8bit):4.867640976960053
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):3107
                                                                      Entropy (8bit):3.535189746470889
                                                                      Encrypted:false
                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                      Malicious:false
                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1389
                                                                      Entropy (8bit):4.561317517930672
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1763
                                                                      Entropy (8bit):4.25392954144533
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):930
                                                                      Entropy (8bit):4.569672473374877
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):913
                                                                      Entropy (8bit):4.947221919047
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):806
                                                                      Entropy (8bit):4.815663786215102
                                                                      Encrypted:false
                                                                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                      MD5:A86407C6F20818972B80B9384ACFBBED
                                                                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                      Malicious:false
                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):883
                                                                      Entropy (8bit):4.5096240460083905
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1031
                                                                      Entropy (8bit):4.621865814402898
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                      MD5:D116453277CC860D196887CEC6432FFE
                                                                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1613
                                                                      Entropy (8bit):4.618182455684241
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):851
                                                                      Entropy (8bit):4.4858053753176526
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):848
                                                                      Entropy (8bit):4.494568170878587
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1425
                                                                      Entropy (8bit):4.461560329690825
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                      MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                      SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                      SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                      SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                      Malicious:false
                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):961
                                                                      Entropy (8bit):4.537633413451255
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                      MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                      SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                      SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                      SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):959
                                                                      Entropy (8bit):4.570019855018913
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                      MD5:535331F8FB98894877811B14994FEA9D
                                                                      SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                      SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                      SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):968
                                                                      Entropy (8bit):4.633956349931516
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                      MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                      SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                      SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                      SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):838
                                                                      Entropy (8bit):4.4975520913636595
                                                                      Encrypted:false
                                                                      SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                      MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                      SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                      SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                      SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                      Malicious:false
                                                                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1305
                                                                      Entropy (8bit):4.673517697192589
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                      MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                      SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                      SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                      SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):911
                                                                      Entropy (8bit):4.6294343834070935
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                      MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                      SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                      SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                      SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):939
                                                                      Entropy (8bit):4.451724169062555
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                      MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                      SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                      SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                      SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):977
                                                                      Entropy (8bit):4.622066056638277
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):972
                                                                      Entropy (8bit):4.621319511196614
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                      MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):990
                                                                      Entropy (8bit):4.497202347098541
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1658
                                                                      Entropy (8bit):4.294833932445159
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1672
                                                                      Entropy (8bit):4.314484457325167
                                                                      Encrypted:false
                                                                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):935
                                                                      Entropy (8bit):4.6369398601609735
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1065
                                                                      Entropy (8bit):4.816501737523951
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2771
                                                                      Entropy (8bit):3.7629875118570055
                                                                      Encrypted:false
                                                                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):858
                                                                      Entropy (8bit):4.474411340525479
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):954
                                                                      Entropy (8bit):4.631887382471946
                                                                      Encrypted:false
                                                                      SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                      MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                      SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                      SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                      SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                      Malicious:false
                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):899
                                                                      Entropy (8bit):4.474743599345443
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2230
                                                                      Entropy (8bit):3.8239097369647634
                                                                      Encrypted:false
                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1160
                                                                      Entropy (8bit):5.292894989863142
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):3264
                                                                      Entropy (8bit):3.586016059431306
                                                                      Encrypted:false
                                                                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                      MD5:83F81D30913DC4344573D7A58BD20D85
                                                                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):3235
                                                                      Entropy (8bit):3.6081439490236464
                                                                      Encrypted:false
                                                                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):3122
                                                                      Entropy (8bit):3.891443295908904
                                                                      Encrypted:false
                                                                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1880
                                                                      Entropy (8bit):4.295185867329351
                                                                      Encrypted:false
                                                                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                      MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                      SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                      SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                      SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1042
                                                                      Entropy (8bit):5.3945675025513955
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                      MD5:F3E59EEEB007144EA26306C20E04C292
                                                                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2535
                                                                      Entropy (8bit):3.8479764584971368
                                                                      Encrypted:false
                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1028
                                                                      Entropy (8bit):4.797571191712988
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):994
                                                                      Entropy (8bit):4.700308832360794
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                      MD5:A568A58817375590007D1B8ABCAEBF82
                                                                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2091
                                                                      Entropy (8bit):4.358252286391144
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2778
                                                                      Entropy (8bit):3.595196082412897
                                                                      Encrypted:false
                                                                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1719
                                                                      Entropy (8bit):4.287702203591075
                                                                      Encrypted:false
                                                                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):936
                                                                      Entropy (8bit):4.457879437756106
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                      MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):3830
                                                                      Entropy (8bit):3.5483353063347587
                                                                      Encrypted:false
                                                                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                      MD5:342335A22F1886B8BC92008597326B24
                                                                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1898
                                                                      Entropy (8bit):4.187050294267571
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):914
                                                                      Entropy (8bit):4.513485418448461
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):878
                                                                      Entropy (8bit):4.4541485835627475
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                      MD5:A1744B0F53CCF889955B95108367F9C8
                                                                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2766
                                                                      Entropy (8bit):3.839730779948262
                                                                      Encrypted:false
                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):978
                                                                      Entropy (8bit):4.879137540019932
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):907
                                                                      Entropy (8bit):4.599411354657937
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):914
                                                                      Entropy (8bit):4.604761241355716
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):937
                                                                      Entropy (8bit):4.686555713975264
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1337
                                                                      Entropy (8bit):4.69531415794894
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2846
                                                                      Entropy (8bit):3.7416822879702547
                                                                      Encrypted:false
                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):934
                                                                      Entropy (8bit):4.882122893545996
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                      MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):963
                                                                      Entropy (8bit):4.6041913416245
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1320
                                                                      Entropy (8bit):4.569671329405572
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                      MD5:7F5F8933D2D078618496C67526A2B066
                                                                      SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                      SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                      SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):884
                                                                      Entropy (8bit):4.627108704340797
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                      MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                      SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                      SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                      SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):980
                                                                      Entropy (8bit):4.50673686618174
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                      MD5:D0579209686889E079D87C23817EDDD5
                                                                      SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                      SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                      SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1941
                                                                      Entropy (8bit):4.132139619026436
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                      MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                      SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                      SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                      SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1969
                                                                      Entropy (8bit):4.327258153043599
                                                                      Encrypted:false
                                                                      SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                      MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                      SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                      SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                      SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1674
                                                                      Entropy (8bit):4.343724179386811
                                                                      Encrypted:false
                                                                      SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                      MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                      SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                      SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                      SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1063
                                                                      Entropy (8bit):4.853399816115876
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                      MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                      SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                      SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                      SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1333
                                                                      Entropy (8bit):4.686760246306605
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                      MD5:970963C25C2CEF16BB6F60952E103105
                                                                      SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                      SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                      SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1263
                                                                      Entropy (8bit):4.861856182762435
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                      MD5:8B4DF6A9281333341C939C244DDB7648
                                                                      SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                      SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                      SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1074
                                                                      Entropy (8bit):5.062722522759407
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                      MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                      SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                      SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                      SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):879
                                                                      Entropy (8bit):5.7905809868505544
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                      MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                      SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                      SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                      SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1205
                                                                      Entropy (8bit):4.50367724745418
                                                                      Encrypted:false
                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):843
                                                                      Entropy (8bit):5.76581227215314
                                                                      Encrypted:false
                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                      Malicious:false
                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):912
                                                                      Entropy (8bit):4.65963951143349
                                                                      Encrypted:false
                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                      Malicious:false
                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):11280
                                                                      Entropy (8bit):5.754230909218899
                                                                      Encrypted:false
                                                                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                      MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                      SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                      SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                      SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):854
                                                                      Entropy (8bit):4.284628987131403
                                                                      Encrypted:false
                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                      Malicious:false
                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):2525
                                                                      Entropy (8bit):5.417689528134667
                                                                      Encrypted:false
                                                                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                      MD5:10FF8E5B674311683D27CE1879384954
                                                                      SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                      SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                      SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                      Malicious:false
                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:HTML document, ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):97
                                                                      Entropy (8bit):4.862433271815736
                                                                      Encrypted:false
                                                                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                      Malicious:false
                                                                      Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with very long lines (4369)
                                                                      Category:dropped
                                                                      Size (bytes):95567
                                                                      Entropy (8bit):5.4016395763198135
                                                                      Encrypted:false
                                                                      SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                      MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                      SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                      SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                      SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):291
                                                                      Entropy (8bit):4.65176400421739
                                                                      Encrypted:false
                                                                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                      MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                      SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                      SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                      SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                      Malicious:false
                                                                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:ASCII text, with very long lines (4369)
                                                                      Category:dropped
                                                                      Size (bytes):103988
                                                                      Entropy (8bit):5.389407461078688
                                                                      Encrypted:false
                                                                      SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                      MD5:EA946F110850F17E637B15CF22B82837
                                                                      SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                      SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                      SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:Google Chrome extension, version 3
                                                                      Category:dropped
                                                                      Size (bytes):135751
                                                                      Entropy (8bit):7.804610863392373
                                                                      Encrypted:false
                                                                      SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                      MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                      SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                      SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                      SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:Google Chrome extension, version 3
                                                                      Category:dropped
                                                                      Size (bytes):11185
                                                                      Entropy (8bit):7.951995436832936
                                                                      Encrypted:false
                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):1753
                                                                      Entropy (8bit):5.8889033066924155
                                                                      Encrypted:false
                                                                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                      MD5:738E757B92939B24CDBBD0EFC2601315
                                                                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                      Malicious:false
                                                                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):9815
                                                                      Entropy (8bit):6.1716321262973315
                                                                      Encrypted:false
                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):10388
                                                                      Entropy (8bit):6.174387413738973
                                                                      Encrypted:false
                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                      Malicious:false
                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):962
                                                                      Entropy (8bit):5.698567446030411
                                                                      Encrypted:false
                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                      Malicious:false
                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                      Category:dropped
                                                                      Size (bytes):453023
                                                                      Entropy (8bit):7.997718157581587
                                                                      Encrypted:true
                                                                      SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                      MD5:85430BAED3398695717B0263807CF97C
                                                                      SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                      SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                      SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                      Malicious:false
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):24
                                                                      Entropy (8bit):3.91829583405449
                                                                      Encrypted:false
                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                      Malicious:false
                                                                      Preview:{"schema":6,"addons":[]}
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                      Category:dropped
                                                                      Size (bytes):66
                                                                      Entropy (8bit):4.837595020998689
                                                                      Encrypted:false
                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                      Malicious:false
                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):36830
                                                                      Entropy (8bit):5.185924656884556
                                                                      Encrypted:false
                                                                      SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                      MD5:5656BA69BD2966108A461AAE35F60226
                                                                      SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                      SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                      SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                      Malicious:false
                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):1021904
                                                                      Entropy (8bit):6.648417932394748
                                                                      Encrypted:false
                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):116
                                                                      Entropy (8bit):4.968220104601006
                                                                      Encrypted:false
                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                      Malicious:false
                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):11292
                                                                      Entropy (8bit):5.531010059020438
                                                                      Encrypted:false
                                                                      SSDEEP:192:lnaRtZYbBp6ihj4qyaaXF6KPOkfGNBw8rYSl:UegqbgTcwp0
                                                                      MD5:464A8E303050DA7BEA2C0B96CCE535B7
                                                                      SHA1:9F4C333E2E3EC32FC7EED09D8EC8393B5BF634C6
                                                                      SHA-256:62B9932D974AE33FCFEA00ED8E894265761189A5159D6E2091D308131957CFA4
                                                                      SHA-512:8AAD3AF428EE020158BF462530DA2A7CF6B3C80430B38BA648D8C7D7835D2C95D7A25646BA5976EA865697B8868630330CAC4DCF0D7AEF185AD0147F9CCC2001
                                                                      Malicious:false
                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725594521);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725594521);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:JSON data
                                                                      Category:dropped
                                                                      Size (bytes):53
                                                                      Entropy (8bit):4.136624295551173
                                                                      Encrypted:false
                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                      MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                      SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                      SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                      SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                      Malicious:false
                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                      Category:dropped
                                                                      Size (bytes):272
                                                                      Entropy (8bit):5.488001430896289
                                                                      Encrypted:false
                                                                      SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3S0EcptVnhBNzdDdCQ:vLz2S+EWDDoWqC+bfPK32cpLd9
                                                                      MD5:10CC40001267B7CA643B78BF8449DA01
                                                                      SHA1:22A87BE8F6F3B516587BBA2C7799AB4A9B92CC09
                                                                      SHA-256:F576CE0DD2B754ABD4F18835D2A64E9B0E30E495B1BD56433509052F8034C2D6
                                                                      SHA-512:8D4354943CBAFE92728F3F0CC1B29D05512326670685F6ADE5F3359FD76ADF5C6C1DE4E07C3DA2359958FBBA118DE10BB79D0568FA578EDA9BFC311804FAB174
                                                                      Malicious:false
                                                                      Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725594509058,"startTim...$489294,"recentCrashes":0},"global":{},"cookies":[]}
                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):6.57957349819099
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:file.exe
                                                                      File size:917'504 bytes
                                                                      MD5:cf73057ebaa15bfad9eb26c58673a09f
                                                                      SHA1:3022deaa181fff7fe21b48a8017b7c184fc431e2
                                                                      SHA256:942a8b027add73486e63e0565d9a51f7d15f6db2e793c008d711d56f58d00000
                                                                      SHA512:afa8ee64ecd2dc0bb669ecec2675a62ea40c59ee8034e87565cbcbe70c635c392ebb515d175a3193aed556f3971b88ae7bcecc32852bc3a1eb2d0dfe04983843
                                                                      SSDEEP:12288:hqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTF:hqDEvCTbMWu7rQYlBQcBiT6rprG8avF
                                                                      TLSH:85159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                      File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                      Icon Hash:aaf3e3e3938382a0
                                                                      Entrypoint:0x420577
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x66DA646C [Fri Sep 6 02:09:48 2024 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:5
                                                                      OS Version Minor:1
                                                                      File Version Major:5
                                                                      File Version Minor:1
                                                                      Subsystem Version Major:5
                                                                      Subsystem Version Minor:1
                                                                      Import Hash:948cc502fe9226992dce9417f952fce3
                                                                      Instruction
                                                                      call 00007F4F409174B3h
                                                                      jmp 00007F4F40916DBFh
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      mov esi, ecx
                                                                      call 00007F4F40916F9Dh
                                                                      mov dword ptr [esi], 0049FDF0h
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      and dword ptr [ecx+04h], 00000000h
                                                                      mov eax, ecx
                                                                      and dword ptr [ecx+08h], 00000000h
                                                                      mov dword ptr [ecx+04h], 0049FDF8h
                                                                      mov dword ptr [ecx], 0049FDF0h
                                                                      ret
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      mov esi, ecx
                                                                      call 00007F4F40916F6Ah
                                                                      mov dword ptr [esi], 0049FE0Ch
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      and dword ptr [ecx+04h], 00000000h
                                                                      mov eax, ecx
                                                                      and dword ptr [ecx+08h], 00000000h
                                                                      mov dword ptr [ecx+04h], 0049FE14h
                                                                      mov dword ptr [ecx], 0049FE0Ch
                                                                      ret
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      mov esi, ecx
                                                                      lea eax, dword ptr [esi+04h]
                                                                      mov dword ptr [esi], 0049FDD0h
                                                                      and dword ptr [eax], 00000000h
                                                                      and dword ptr [eax+04h], 00000000h
                                                                      push eax
                                                                      mov eax, dword ptr [ebp+08h]
                                                                      add eax, 04h
                                                                      push eax
                                                                      call 00007F4F40919B5Dh
                                                                      pop ecx
                                                                      pop ecx
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      lea eax, dword ptr [ecx+04h]
                                                                      mov dword ptr [ecx], 0049FDD0h
                                                                      push eax
                                                                      call 00007F4F40919BA8h
                                                                      pop ecx
                                                                      ret
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      mov esi, ecx
                                                                      lea eax, dword ptr [esi+04h]
                                                                      mov dword ptr [esi], 0049FDD0h
                                                                      push eax
                                                                      call 00007F4F40919B91h
                                                                      test byte ptr [ebp+08h], 00000001h
                                                                      pop ecx
                                                                      Programming Language:
                                                                      • [ C ] VS2008 SP1 build 30729
                                                                      • [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x9500 | 0x9600 | 8ba857d132bf127cc4342a008281c480 | False | 0.28109375 | data | 5.160881070509042 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548 |
| RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
                                                                      DLLImport
                                                                      WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                      VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                      WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                      COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                      MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                      WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                      PSAPI.DLLGetProcessMemoryInfo
                                                                      IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                      USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                      UxTheme.dllIsThemeActive
                                                                      KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, 
VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                      USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, 
EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                      GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system: English
Country where language is spoken: Great Britain
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                      Sep 6, 2024 04:29:07.266272068 CEST49752443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.266283989 CEST44349752162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.268048048 CEST49751443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.268052101 CEST44349751162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.333728075 CEST44349753162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.333851099 CEST49753443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.333967924 CEST49753443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.333978891 CEST44349753162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.537708998 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.537738085 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.537822962 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.538381100 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.538414001 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.538469076 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.539030075 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.539041996 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.539498091 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.539511919 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.609033108 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.609069109 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.609224081 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.609915018 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.609951973 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.610192060 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.610202074 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.610214949 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.610245943 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.610651016 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.610661983 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.610729933 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.610968113 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.610974073 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.611020088 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.611234903 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.611249924 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.611643076 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.611649036 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.611702919 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.612006903 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.612020969 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.612168074 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.612179995 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.612253904 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.612267017 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.612395048 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.612402916 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.612517118 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.612526894 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.687979937 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.688375950 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.688395023 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.689434052 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.689493895 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.690650940 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.690706968 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.690867901 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.690875053 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.794028044 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.794044971 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.794087887 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.794097900 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.794118881 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.794123888 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.794146061 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.859936953 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.883593082 CEST49767443192.168.2.423.96.180.189
                                                                      Sep 6, 2024 04:29:07.883625984 CEST4434976723.96.180.189192.168.2.4
                                                                      Sep 6, 2024 04:29:07.883675098 CEST49767443192.168.2.423.96.180.189
                                                                      Sep 6, 2024 04:29:07.884134054 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.884143114 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.884172916 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.884186029 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.884197950 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.884203911 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.884212971 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.884232044 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.884254932 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.884602070 CEST49767443192.168.2.423.96.180.189
                                                                      Sep 6, 2024 04:29:07.884609938 CEST4434976723.96.180.189192.168.2.4
                                                                      Sep 6, 2024 04:29:07.885862112 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.885869026 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.885891914 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.885898113 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.885935068 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.885941982 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.885973930 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.886004925 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.974406004 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.974423885 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.974459887 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.974495888 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.974505901 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.974533081 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.974539042 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.974565029 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.974592924 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.994869947 CEST49754443192.168.2.413.107.246.57
                                                                      Sep 6, 2024 04:29:07.994882107 CEST4434975413.107.246.57192.168.2.4
                                                                      Sep 6, 2024 04:29:07.995377064 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.995624065 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.995630980 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.995954990 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:07.996411085 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:07.996493101 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.000297070 CEST49768443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.000334978 CEST4434976813.107.246.40192.168.2.4
                                                                      Sep 6, 2024 04:29:08.000396013 CEST49768443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.000581980 CEST49768443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.000593901 CEST4434976813.107.246.40192.168.2.4
                                                                      Sep 6, 2024 04:29:08.013385057 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.013725042 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.013742924 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.014020920 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.014394999 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.014451981 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.071633101 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.077450991 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.077694893 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.078416109 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.078432083 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.078510046 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.078516960 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.078692913 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.078763962 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079137087 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.079153061 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079363108 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.079433918 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079456091 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079477072 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079525948 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079582930 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.079718113 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.079782009 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.079937935 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.079945087 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.080142975 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.080182076 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.080246925 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.081034899 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.081087112 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.081342936 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.081404924 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.083216906 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.083484888 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.083492994 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.084563971 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.084614992 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.084945917 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.085012913 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.088171959 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.088485003 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.088493109 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.089467049 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.089526892 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.089828968 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.089886904 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.132029057 CEST49770443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.132076025 CEST4434977013.107.246.40192.168.2.4
                                                                      Sep 6, 2024 04:29:08.132155895 CEST49770443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.132386923 CEST49770443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.132400036 CEST4434977013.107.246.40192.168.2.4
                                                                      Sep 6, 2024 04:29:08.182117939 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.182208061 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.182208061 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.182215929 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.182226896 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.198777914 CEST49771443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.198812008 CEST44349771142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.199016094 CEST49771443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199018002 CEST49772443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199043036 CEST44349772142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.199127913 CEST49773443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199136019 CEST44349773142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.199186087 CEST49773443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199201107 CEST49772443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199369907 CEST49771443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199383974 CEST44349771142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.199465990 CEST49773443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199475050 CEST44349773142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.199559927 CEST49772443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.199570894 CEST44349772142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.259867907 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.259867907 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.259867907 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.259886026 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.259905100 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:08.373616934 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.373616934 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.373616934 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.373616934 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:08.682504892 CEST49774443192.168.2.435.190.72.216
                                                                      Sep 6, 2024 04:29:08.682545900 CEST4434977435.190.72.216192.168.2.4
                                                                      Sep 6, 2024 04:29:08.682893991 CEST4434976723.96.180.189192.168.2.4
                                                                      Sep 6, 2024 04:29:08.684644938 CEST4434976813.107.246.40192.168.2.4
                                                                      Sep 6, 2024 04:29:08.684695959 CEST44349771142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.684813023 CEST44349772142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.684854984 CEST44349773142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.686022043 CEST49774443192.168.2.435.190.72.216
                                                                      Sep 6, 2024 04:29:08.688208103 CEST49771443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.688225031 CEST44349771142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.688323975 CEST49768443192.168.2.413.107.246.40
                                                                      Sep 6, 2024 04:29:08.688334942 CEST4434976813.107.246.40192.168.2.4
                                                                      Sep 6, 2024 04:29:10.828569889 CEST64026443192.168.2.4152.195.19.97
                                                                      Sep 6, 2024 04:29:10.828700066 CEST64026443192.168.2.4152.195.19.97
                                                                      Sep 6, 2024 04:29:10.835988045 CEST64026443192.168.2.4152.195.19.97
                                                                      Sep 6, 2024 04:29:10.836007118 CEST44364026152.195.19.97192.168.2.4
                                                                      Sep 6, 2024 04:29:11.025070906 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.025094032 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.025243044 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.025258064 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.025304079 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.025613070 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.025628090 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.025705099 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.028367996 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.028379917 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.118792057 CEST806402734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:29:11.178155899 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.224643946 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.224653959 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.225946903 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.226898909 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.229072094 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.229140997 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.229242086 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.265492916 CEST6402780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:29:11.272506952 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.328960896 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.328999043 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.329288960 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.329301119 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.329389095 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.329396009 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.329402924 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.329444885 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.329452038 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.329463005 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.329718113 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.331331015 CEST64028443192.168.2.4142.250.80.68
                                                                      Sep 6, 2024 04:29:11.331340075 CEST44364028142.250.80.68192.168.2.4
                                                                      Sep 6, 2024 04:29:11.385407925 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.385974884 CEST64029443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.390084982 CEST64029443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.390089989 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.390338898 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.440776110 CEST64029443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.484502077 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.492022038 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.492923021 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.497531891 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.497548103 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.497633934 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.497642040 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.497878075 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.498039007 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.498486996 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.498728991 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.501046896 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.501046896 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.501054049 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.501055002 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.501081944 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.503531933 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.503613949 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.508408070 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.508464098 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.576877117 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.576884031 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.664906979 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.664968967 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.665035963 CEST64029443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.665271997 CEST64029443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.665282011 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.665294886 CEST64029443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.665299892 CEST44364029184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.679743052 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.679795980 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:11.679805040 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:29:11.735049009 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.735085011 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.735373020 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.735678911 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:11.735690117 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:11.780639887 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:29:12.378464937 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.381850958 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:12.388092041 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:12.388106108 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.388344049 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.392431974 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:12.436503887 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.726608038 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.726660013 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.726744890 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:12.728643894 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:12.728660107 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:12.728672028 CEST64032443192.168.2.4184.28.90.27
                                                                      Sep 6, 2024 04:29:12.728677034 CEST44364032184.28.90.27192.168.2.4
                                                                      Sep 6, 2024 04:29:13.038392067 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.038415909 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.038475990 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.038710117 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.038719893 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.506922960 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.510538101 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.510550022 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.511567116 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.511621952 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.515949965 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.516032934 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.516160011 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.556502104 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.578767061 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.578789949 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.659321070 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:13.677882910 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.692679882 CEST64035443192.168.2.4142.251.40.234
                                                                      Sep 6, 2024 04:29:13.692697048 CEST44364035142.251.40.234192.168.2.4
                                                                      Sep 6, 2024 04:29:15.511575937 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:15.511612892 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:15.511691093 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:15.512732029 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:15.512747049 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:16.296809912 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:16.296922922 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:16.299407959 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:16.299417019 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:16.299758911 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:16.348273039 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.038907051 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.084501028 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297627926 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297651052 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297657013 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297669888 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297692060 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297724962 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.297749043 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.297761917 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.297867060 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.302423954 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.302509069 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.302632093 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.982429981 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.982456923 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:17.982471943 CEST64036443192.168.2.440.127.169.103
                                                                      Sep 6, 2024 04:29:17.982479095 CEST4436403640.127.169.103192.168.2.4
                                                                      Sep 6, 2024 04:29:20.598289967 CEST6402580192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:29:20.603177071 CEST806402534.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:29:21.130970001 CEST6402780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:29:21.135994911 CEST806402734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:29:22.904551983 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.904632092 CEST44349758162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.919928074 CEST49758443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.920073986 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.920135975 CEST44349759162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.940135956 CEST49759443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.976691008 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.976749897 CEST44349764162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.977402925 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.977475882 CEST44349761162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.977751017 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.977807999 CEST44349760162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.982235909 CEST49764443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.983437061 CEST49761443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.983443022 CEST49760443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.984410048 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.984466076 CEST44349763162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.986593962 CEST49763443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.991847038 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.991897106 CEST44349762162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.992057085 CEST49762443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:22.994044065 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.994096994 CEST44349765162.159.61.3192.168.2.4
                                                                      Sep 6, 2024 04:29:22.994148970 CEST49765443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:30.605909109 CEST6402580192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:29:30.610749960 CEST806402534.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:29:31.138587952 CEST6402780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:29:31.143583059 CEST806402734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:29:37.458204985 CEST64042443192.168.2.435.190.72.216
                                                                      Sep 6, 2024 04:29:37.458254099 CEST4436404235.190.72.216192.168.2.4
                                                                      Sep 6, 2024 04:29:37.460066080 CEST64042443192.168.2.435.190.72.216
                                                                      Sep 6, 2024 04:29:37.461564064 CEST64042443192.168.2.435.190.72.216
                                                                      Sep 6, 2024 04:29:37.461575031 CEST4436404235.190.72.216192.168.2.4
                                                                      Sep 6, 2024 04:29:37.466270924 CEST64043443192.168.2.435.244.181.201
                                                                      Sep 6, 2024 04:29:37.466279984 CEST4436404335.244.181.201192.168.2.4
                                                                      Sep 6, 2024 04:29:37.466509104 CEST64043443192.168.2.435.244.181.201
                                                                      Sep 6, 2024 04:29:37.466612101 CEST64043443192.168.2.435.244.181.201
                                                                      Sep 6, 2024 04:29:37.466620922 CEST4436404335.244.181.201192.168.2.4
                                                                      Sep 6, 2024 04:29:37.475267887 CEST64044443192.168.2.434.149.100.209
                                                                      Sep 6, 2024 04:29:37.475274086 CEST4436404434.149.100.209192.168.2.4
                                                                      Sep 6, 2024 04:29:37.475589991 CEST64044443192.168.2.434.149.100.209
                                                                      Sep 6, 2024 04:29:37.475718021 CEST64044443192.168.2.434.149.100.209
                                                                      Sep 6, 2024 04:29:37.475727081 CEST4436404434.149.100.209192.168.2.4
                                                                      Sep 6, 2024 04:29:37.921288013 CEST4436404235.190.72.216192.168.2.4
                                                                      Sep 6, 2024 04:29:37.921655893 CEST64042443192.168.2.435.190.72.216
                                                                      Sep 6, 2024 04:29:37.954530001 CEST4436404434.149.100.209192.168.2.4
                                                                      Sep 6, 2024 04:29:37.954596996 CEST64044443192.168.2.434.149.100.209
                                                                      Sep 6, 2024 04:29:37.955955029 CEST4436404335.244.181.201192.168.2.4
                                                                      Sep 6, 2024 04:29:37.956010103 CEST64043443192.168.2.435.244.181.201
                                                                      Sep 6, 2024 04:29:38.065313101 CEST64043443192.168.2.435.244.181.201
                                                                      Sep 6, 2024 04:29:38.065335989 CEST4436404335.244.181.201192.168.2.4
                                                                      Sep 6, 2024 04:29:38.065707922 CEST4436404335.244.181.201192.168.2.4
                                                                      Sep 6, 2024 04:29:38.068104029 CEST64044443192.168.2.434.149.100.209
                                                                      Sep 6, 2024 04:30:09.940689087 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:09.945736885 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:10.035060883 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:10.053066015 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:10.057837963 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:10.094059944 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:10.348259926 CEST4972380192.168.2.4199.232.214.172
                                                                      Sep 6, 2024 04:30:10.348335028 CEST4972480192.168.2.4199.232.214.172
                                                                      Sep 6, 2024 04:30:10.655834913 CEST4972380192.168.2.4199.232.214.172
                                                                      Sep 6, 2024 04:30:10.655836105 CEST4972480192.168.2.4199.232.214.172
                                                                      Sep 6, 2024 04:30:11.171634912 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:11.172090054 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:11.172143936 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:11.172158957 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:11.172210932 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:11.172570944 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:11.172619104 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:11.173665047 CEST8049723199.232.214.172192.168.2.4
                                                                      Sep 6, 2024 04:30:11.173676014 CEST8049724199.232.214.172192.168.2.4
                                                                      Sep 6, 2024 04:30:11.173727989 CEST8049723199.232.214.172192.168.2.4
                                                                      Sep 6, 2024 04:30:11.173773050 CEST4972380192.168.2.4199.232.214.172
                                                                      Sep 6, 2024 04:30:11.174329042 CEST8049724199.232.214.172192.168.2.4
                                                                      Sep 6, 2024 04:30:11.174375057 CEST4972480192.168.2.4199.232.214.172
                                                                      Sep 6, 2024 04:30:20.062231064 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:20.067262888 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:21.186815023 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:21.310801029 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:30.069235086 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:30.074183941 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:31.319645882 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:31.324480057 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:38.718636036 CEST49771443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:30:38.718657970 CEST44349771142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:30:38.718689919 CEST49773443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:30:38.718697071 CEST44349773142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:30:38.875174999 CEST49772443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:30:38.875195026 CEST44349772142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:30:40.074071884 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:40.078995943 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:41.328587055 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:41.333643913 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:41.602263927 CEST64031443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:30:41.602282047 CEST44364031142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:30:41.702527046 CEST64030443192.168.2.4142.250.65.174
                                                                      Sep 6, 2024 04:30:41.702545881 CEST44364030142.250.65.174192.168.2.4
                                                                      Sep 6, 2024 04:30:50.091520071 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:50.096364975 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:30:51.347214937 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:30:51.352119923 CEST806404834.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:31:00.106580019 CEST6404780192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:31:00.111484051 CEST806404734.107.221.82192.168.2.4
                                                                      Sep 6, 2024 04:31:01.356749058 CEST6404880192.168.2.434.107.221.82
                                                                      Sep 6, 2024 04:31:01.361526012 CEST806404834.107.221.82192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                      Sep 6, 2024 04:29:08.984477043 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.984496117 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.984505892 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:08.984916925 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985212088 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985280037 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985341072 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985400915 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985450029 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985496044 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985557079 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985599995 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985646009 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985693932 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985734940 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985788107 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985836029 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985887051 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985928059 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.985975981 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.986018896 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.986851931 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.986903906 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.986969948 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987020016 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987061977 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987134933 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987179041 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987245083 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987293959 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987354994 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:08.987399101 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.083476067 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.086097002 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.087325096 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.088607073 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.094727039 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.094748974 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.097045898 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.098840952 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.098891020 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.104821920 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.104892969 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.108143091 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.108203888 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.111726046 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.111876011 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.116141081 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.116152048 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.119884014 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.120023966 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.120161057 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.120254993 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.120312929 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.120371103 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.120501995 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.123868942 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.124016047 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.124445915 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.128283024 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.128531933 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.128689051 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.133430004 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.133445024 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.133646011 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.136847973 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.137005091 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.137358904 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.141357899 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.141371965 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.141928911 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.144237041 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.144254923 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.149904013 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.149979115 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.155376911 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.155476093 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.159554958 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.159605980 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.162875891 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.162996054 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.163140059 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.169030905 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.169049025 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.169064999 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.169182062 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.172765970 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.172777891 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.176172972 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.176224947 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.180385113 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.180461884 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.181452990 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.185240984 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.185385942 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.189850092 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.189860106 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.192939997 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.193001032 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.197644949 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.197730064 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.203449011 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.203603029 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.204966068 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.208018064 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.208208084 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.210215092 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.210661888 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.213978052 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.213989019 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.217506886 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.217545986 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.221051931 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.221116066 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.221451044 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.225070953 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.225147963 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.229065895 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.229139090 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.235367060 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.235411882 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.237344980 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.237430096 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.242175102 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.242252111 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.243038893 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.245378017 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.245452881 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.249877930 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.249972105 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.253462076 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.253549099 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.256964922 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.257026911 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.261720896 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.261913061 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.262408972 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.265710115 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.265824080 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.270931959 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.271032095 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.273307085 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.273318052 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.277172089 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.277378082 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.280674934 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.280788898 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.281805038 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.288687944 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.288701057 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.292126894 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.292292118 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.293186903 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.293282032 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.297799110 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.297894001 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.301657915 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.301754951 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.303107023 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.304368973 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.304438114 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.308454037 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.308505058 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.308515072 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.308523893 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.310347080 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.310364008 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.310374975 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.335668087 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.338176966 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.364046097 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.365268946 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.393620014 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.395097017 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.398562908 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.398588896 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.441164970 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.441179037 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.441188097 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.441200018 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.441210985 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.441293001 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.441303015 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.442045927 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.463778973 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.463798046 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.464978933 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.467396975 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.468339920 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.468497038 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.494265079 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.494277000 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.494709969 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.495217085 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.495237112 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.497756958 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.497921944 CEST44356532142.251.40.163192.168.2.4
                                                                      Sep 6, 2024 04:29:09.502728939 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.503668070 CEST56532443192.168.2.4142.251.40.163
                                                                      Sep 6, 2024 04:29:09.530664921 CEST57568443192.168.2.4162.159.61.3
                                                                      Sep 6, 2024 04:29:09.530937910 CEST57568443192.168.2.4162.159.61.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                      Sep 6, 2024 04:29:06.676992893 CEST1.1.1.1192.168.2.40xd008No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                      Sep 6, 2024 04:29:06.727274895 CEST1.1.1.1192.168.2.40xf985No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:06.727274895 CEST1.1.1.1192.168.2.40xf985No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:06.727564096 CEST1.1.1.1192.168.2.40x60c2No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                      Sep 6, 2024 04:29:07.017205954 CEST1.1.1.1192.168.2.40x61bbNo error (0)shed.dual-low.s-part-0029.t-0009.t-msedge.nets-part-0029.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:07.017205954 CEST1.1.1.1192.168.2.40x61bbNo error (0)s-part-0029.t-0009.t-msedge.net13.107.246.57A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:07.040390015 CEST1.1.1.1192.168.2.40x93a7No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:07.040390015 CEST1.1.1.1192.168.2.40x93a7No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:07.080949068 CEST1.1.1.1192.168.2.40x7ac7No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:08.679117918 CEST1.1.1.1192.168.2.40x7ef2No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:08.690390110 CEST1.1.1.1192.168.2.40xf741No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:09.919533968 CEST1.1.1.1192.168.2.40xe3c8No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:09.919533968 CEST1.1.1.1192.168.2.40xe3c8No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.027089119 CEST1.1.1.1192.168.2.40xe18No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.052170992 CEST1.1.1.1192.168.2.40xfc54No error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.080976009 CEST1.1.1.1192.168.2.40x1No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.080976009 CEST1.1.1.1192.168.2.40x1No error (0)sni1gl.wpc.nucdn.net152.195.19.97A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.612772942 CEST1.1.1.1192.168.2.40x8c95No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.631947041 CEST1.1.1.1192.168.2.40xd8c8No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.631947041 CEST1.1.1.1192.168.2.40xd8c8No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.631958008 CEST1.1.1.1192.168.2.40xf38No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:10.631958008 CEST1.1.1.1192.168.2.40xf38No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.463407040 CEST1.1.1.1192.168.2.40x29f2No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.463407040 CEST1.1.1.1192.168.2.40x29f2No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.473371029 CEST1.1.1.1192.168.2.40xc2ffNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.473371029 CEST1.1.1.1192.168.2.40xc2ffNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.475034952 CEST1.1.1.1192.168.2.40x2285No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.482443094 CEST1.1.1.1192.168.2.40xd18aNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.584449053 CEST1.1.1.1192.168.2.40x9986No error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.584449053 CEST1.1.1.1192.168.2.40x9986No error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.584449053 CEST1.1.1.1192.168.2.40x9986No error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:37.584449053 CEST1.1.1.1192.168.2.40x9986No error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:38.068660021 CEST1.1.1.1192.168.2.40x762cNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:38.068660021 CEST1.1.1.1192.168.2.40x762cNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:38.068660021 CEST1.1.1.1192.168.2.40x762cNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:38.068660021 CEST1.1.1.1192.168.2.40x762cNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:38.140516043 CEST1.1.1.1192.168.2.40x9395No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:38.140516043 CEST1.1.1.1192.168.2.40x9395No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:39.598031044 CEST1.1.1.1192.168.2.40xf661No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:39.598031044 CEST1.1.1.1192.168.2.40xf661No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:40.099490881 CEST1.1.1.1192.168.2.40x3925No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:29:40.099490881 CEST1.1.1.1192.168.2.40x3925No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                      Sep 6, 2024 04:30:09.183048964 CEST1.1.1.1192.168.2.40xb999No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                      Sep 6, 2024 04:30:09.191081047 CEST1.1.1.1192.168.2.40x6089No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      0 | 192.168.2.4 | 64025 | 34.107.221.82 | 80 | 7944 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Sep 6, 2024 04:29:10.119533062 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Connection: keep-alive
                                                                      Sep 6, 2024 04:29:10.588234901 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 90
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 09:12:43 GMT
                                                                      Age: 62187
                                                                      Content-Type: text/html
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                      Sep 6, 2024 04:29:20.598289967 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:29:30.605909109 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      1 | 192.168.2.4 | 64027 | 34.107.221.82 | 80 | 7944 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Sep 6, 2024 04:29:10.641316891 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: keep-alive
                                                                      Pragma: no-cache
                                                                      Cache-Control: no-cache
                                                                      Sep 6, 2024 04:29:11.118792057 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                      Age: 65026
                                                                      Content-Type: text/plain
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
                                                                      Sep 6, 2024 04:29:21.130970001 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:29:31.138587952 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      2 | 192.168.2.4 | 64047 | 34.107.221.82 | 80 | 7944 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Sep 6, 2024 04:29:38.146255970 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Connection: keep-alive
                                                                      Sep 6, 2024 04:29:38.593826056 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 90
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                      Age: 73344
                                                                      Content-Type: text/html
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                      Sep 6, 2024 04:29:39.592905045 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Connection: keep-alive
                                                                      Sep 6, 2024 04:29:39.687216997 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 90
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                      Age: 73345
                                                                      Content-Type: text/html
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                      Sep 6, 2024 04:29:40.071127892 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Connection: keep-alive
                                                                      Sep 6, 2024 04:29:40.165177107 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 90
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                      Age: 73346
                                                                      Content-Type: text/html
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                      Sep 6, 2024 04:29:50.173363924 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:30:00.185787916 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:30:09.940689087 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Connection: keep-alive
                                                                      Sep 6, 2024 04:30:10.035060883 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 90
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                      Age: 73375
                                                                      Content-Type: text/html
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                      Sep 6, 2024 04:30:20.062231064 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:30:30.069235086 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:30:40.074071884 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:30:50.091520071 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:
                                                                      Sep 6, 2024 04:31:00.106580019 CEST | 6 | OUT | Data Raw: 00
                                                                      Data Ascii:


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      3 | 192.168.2.4 | 64048 | 34.107.221.82 | 80 | 7944 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Sep 6, 2024 04:29:38.604568005 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: keep-alive
                                                                      Pragma: no-cache
                                                                      Cache-Control: no-cache
                                                                      Sep 6, 2024 04:29:39.050201893 CEST | 215 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9864
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:29:39.689903021 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: keep-alive
                                                                      Pragma: no-cache
                                                                      Cache-Control: no-cache
Sep 6, 2024 04:29:39.784760952 CEST  215  IN  HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9864
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:29:40.167314053 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: keep-alive
                                                                      Pragma: no-cache
                                                                      Cache-Control: no-cache
Sep 6, 2024 04:29:40.262439013 CEST  215  IN  HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9865
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:29:50.273340940 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 04:30:00.286231041 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 04:30:10.053066015 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                                      Host: detectportal.firefox.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                      Accept: */*
                                                                      Accept-Language: en-US,en;q=0.5
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: keep-alive
                                                                      Pragma: no-cache
                                                                      Cache-Control: no-cache
Sep 6, 2024 04:30:11.171634912 CEST  215  IN  HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9895
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:30:11.172090054 CEST  215  IN  HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9895
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:30:11.172158957 CEST  215  IN  HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9895
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:30:11.172570944 CEST  215  IN  HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Length: 8
                                                                      Via: 1.1 google
                                                                      Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                      Content-Type: text/plain
                                                                      Age: 9895
                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                      Data Ascii: success
Sep 6, 2024 04:30:21.186815023 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 04:30:31.319645882 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 04:30:41.328587055 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 04:30:51.347214937 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 04:31:01.356749058 CEST  6  OUT  Data Raw: 00
Data Ascii:


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.2.4  49742  142.250.181.225  443  980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-06 02:29:05 UTC  594  OUT  GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                      Host: clients2.googleusercontent.com
                                                                      Connection: keep-alive
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 02:29:05 UTC  566  IN  HTTP/1.1 200 OK
                                                                      Accept-Ranges: bytes
                                                                      Content-Length: 135751
                                                                      X-GUploader-UploadID: AD-8ljt_O5XMJoPXlP6Q8KGWegLxpoAv8Lc1GNJdQ3ftIxlOhGAnKSjCUCnfhK-XxvEt00jIhvM
                                                                      X-Goog-Hash: crc32c=IDdmTg==
                                                                      Server: UploadServer
                                                                      Date: Thu, 05 Sep 2024 19:26:09 GMT
                                                                      Expires: Fri, 05 Sep 2025 19:26:09 GMT
                                                                      Cache-Control: public, max-age=31536000
                                                                      Age: 25376
                                                                      Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                      ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                      Content-Type: application/x-chrome-extension
                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                      Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1  192.168.2.4  49751  162.159.61.3  443  980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-06 02:29:07 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                      Host: chrome.cloudflare-dns.com
                                                                      Connection: keep-alive
                                                                      Content-Length: 128
                                                                      Accept: application/dns-message
                                                                      Accept-Language: *
                                                                      User-Agent: Chrome
                                                                      Accept-Encoding: identity
                                                                      Content-Type: application/dns-message
                                                                      2024-09-06 02:29:07 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                      Data Ascii: wwwgstaticcom)TP
2024-09-06 02:29:07 UTC  247  IN  HTTP/1.1 200 OK
                                                                      Server: cloudflare
                                                                      Date: Fri, 06 Sep 2024 02:29:07 GMT
                                                                      Content-Type: application/dns-message
                                                                      Connection: close
                                                                      Access-Control-Allow-Origin: *
                                                                      Content-Length: 468
                                                                      CF-RAY: 8beb07901c977cf6-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-09-06 02:29:07 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 24 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                      Data Ascii: wwwgstaticcom$()


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
2  192.168.2.4  49752  162.159.61.3  443  980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-06 02:29:07 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                      Host: chrome.cloudflare-dns.com
                                                                      Connection: keep-alive
                                                                      Content-Length: 128
                                                                      Accept: application/dns-message
                                                                      Accept-Language: *
                                                                      User-Agent: Chrome
                                                                      Accept-Encoding: identity
                                                                      Content-Type: application/dns-message
                                                                      2024-09-06 02:29:07 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                      Data Ascii: wwwgstaticcom)TP
2024-09-06 02:29:07 UTC  247  IN  HTTP/1.1 200 OK
                                                                      Server: cloudflare
                                                                      Date: Fri, 06 Sep 2024 02:29:07 GMT
                                                                      Content-Type: application/dns-message
                                                                      Connection: close
                                                                      Access-Control-Allow-Origin: *
                                                                      Content-Length: 468
                                                                      CF-RAY: 8beb07901d668ce6-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-09-06 02:29:07 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 24 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                      Data Ascii: wwwgstaticcom$()


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
3  192.168.2.4  49753  162.159.61.3  443  980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-06 02:29:07 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                      Host: chrome.cloudflare-dns.com
                                                                      Connection: keep-alive
                                                                      Content-Length: 128
                                                                      Accept: application/dns-message
                                                                      Accept-Language: *
                                                                      User-Agent: Chrome
                                                                      Accept-Encoding: identity
                                                                      Content-Type: application/dns-message
                                                                      2024-09-06 02:29:07 UTC  128                OUT
                                                                      Data Ascii: wwwgstaticcom)TP
                                                                      2024-09-06 02:29:07 UTC  247                IN         HTTP/1.1 200 OK
                                                                      Server: cloudflare
                                                                      Date: Fri, 06 Sep 2024 02:29:07 GMT
                                                                      Content-Type: application/dns-message
                                                                      Connection: close
                                                                      Access-Control-Allow-Origin: *
                                                                      Content-Length: 468
                                                                      CF-RAY: 8beb07908cdd439d-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-09-06 02:29:07 UTC  468                IN
                                                                      Data Ascii: wwwgstaticcomA)


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                      4           192.168.2.4  49754        13.107.246.57   443               980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                      2024-09-06 02:29:07 UTC  711                OUT        GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                      Host: edgeassetservice.azureedge.net
                                                                      Connection: keep-alive
                                                                      Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                      Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                      Sec-Mesh-Client-Edge-Channel: stable
                                                                      Sec-Mesh-Client-OS: Windows
                                                                      Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                      Sec-Mesh-Client-Arch: x86_64
                                                                      Sec-Mesh-Client-WebView: 0
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:07 UTC  583                IN         HTTP/1.1 200 OK
                                                                      Date: Fri, 06 Sep 2024 02:29:07 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 70207
                                                                      Connection: close
                                                                      Content-Encoding: gzip
                                                                      Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                      ETag: 0x8DCB31E67C22927
                                                                      x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                                      x-ms-version: 2009-09-19
                                                                      x-ms-lease-status: unlocked
                                                                      x-ms-blob-type: BlockBlob
                                                                      x-azure-ref: 20240906T022907Z-165795675762h26c6ze2t4q7600000000d9000000000hk1k
                                                                      Cache-Control: public, max-age=604800
                                                                      x-fd-int-roxy-purgeid: 69316365
                                                                      X-Cache: TCP_HIT
                                                                      X-Cache-Info: L1_T2
                                                                      Accept-Ranges: bytes
                                                                      2024-09-06 02:29:07 UTC  15801              IN
                                                                      2024-09-06 02:29:07 UTC  16384              IN
                                                                      2024-09-06 02:29:07 UTC  16384              IN
                                                                      2024-09-06 02:29:07 UTC  16384              IN
                                                                      2024-09-06 02:29:07 UTC  5254               IN


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                      5           192.168.2.4  49768        13.107.246.40   443               980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                      2024-09-06 02:29:08 UTC  486                OUT        GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                      Host: edgeassetservice.azureedge.net
                                                                      Connection: keep-alive
                                                                      Edge-Asset-Group: ArbitrationService
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:08 UTC  552                IN         HTTP/1.1 200 OK
                                                                      Date: Fri, 06 Sep 2024 02:29:08 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 11989
                                                                      Connection: close
                                                                      Last-Modified: Wed, 04 Sep 2024 17:17:44 GMT
                                                                      ETag: 0x8DCCD057D8088C1
                                                                      x-ms-request-id: f7ce689d-701e-002c-4072-ffea3a000000
                                                                      x-ms-version: 2009-09-19
                                                                      x-ms-lease-status: unlocked
                                                                      x-ms-blob-type: BlockBlob
                                                                      x-azure-ref: 20240906T022908Z-16579567576l8zffr7mt4xy2un0000000cwg00000000fewc
                                                                      Cache-Control: public, max-age=604800
                                                                      x-fd-int-roxy-purgeid: 0
                                                                      X-Cache-Info: L1_T2
                                                                      X-Cache: TCP_HIT
                                                                      Accept-Ranges: bytes
                                                                      2024-09-06 02:29:08 UTC  11989              IN
                                                                      Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                      6           192.168.2.4  49767        23.96.180.189   443               980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                      2024-09-06 02:29:08 UTC  616                OUT        GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1
                                                                      Host: arc.msn.com
                                                                      Connection: keep-alive
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:08 UTC  633                IN         HTTP/1.1 200 OK
                                                                      Cache-Control: max-age=86400, private
                                                                      Content-Length: 2061
                                                                      Content-Type: application/json; charset=utf-8
                                                                      Expires: Mon, 01 Jan 0001 00:00:00 GMT
                                                                      Server: Microsoft-IIS/10.0
                                                                      ARC-RSP-DBG: [{"X-RADID":"P425775005-T700421790-C128000000003081749"},{"BATCH_REDIRECT_STORE":"B128000000003081749+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
                                                                      Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
                                                                      X-AspNet-Version: 4.0.30319
                                                                      X-Powered-By: ASP.NET
                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                      Date: Fri, 06 Sep 2024 02:29:08 GMT
                                                                      Connection: close
                                                                      2024-09-06 02:29:08 UTC  2061               IN
                                                                      Data Ascii: {"f":"raf","v":"1.0","rdr":[{"c":"Anaheim Password Monitor","u":"Consent Save Password"}],"ad":{"TITLE_SAVE":"Save your password","TITLE_UPDATE":"Save your password","TITLE_SAVED_PASSWORD":"Save your password","TITLE_NO_SAVED_PASSWORD":"Save your password


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                      7           192.168.2.4  49770        13.107.246.40   443               980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                      2024-09-06 02:29:08 UTC  470                OUT        GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                      Host: edgeassetservice.azureedge.net
                                                                      Connection: keep-alive
                                                                      Edge-Asset-Group: Shoreline
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:09 UTC  577                IN         HTTP/1.1 200 OK
                                                                      Date: Fri, 06 Sep 2024 02:29:09 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 306698
                                                                      Connection: close
                                                                      Content-Encoding: gzip
                                                                      Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                      ETag: 0x8DBC9B5C40EBFF4
                                                                      x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                      x-ms-version: 2009-09-19
                                                                      x-ms-lease-status: unlocked
                                                                      x-ms-blob-type: BlockBlob
                                                                      x-azure-ref: 20240906T022909Z-16579567576pg4fvvmc18u0v4g0000000d9000000000hqqd
                                                                      Cache-Control: public, max-age=604800
                                                                      x-fd-int-roxy-purgeid: 0
                                                                      X-Cache-Info: L1_T2
                                                                      X-Cache: TCP_HIT
                                                                      Accept-Ranges: bytes
                                                                      2024-09-06 02:29:09 UTC  15807              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      2024-09-06 02:29:09 UTC  16384              IN
                                                                      Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@
                                                                      2024-09-06 02:29:09 UTC16384INData Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6
                                                                      Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      8 | 192.168.2.4 | 64023 | 142.250.65.174 | 443 | 980 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:10 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                      Host: play.google.com
                                                                      Connection: keep-alive
                                                                      Accept: */*
                                                                      Access-Control-Request-Method: POST
                                                                      Access-Control-Request-Headers: x-goog-authuser
                                                                      Origin: https://accounts.google.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Sec-Fetch-Mode: cors
                                                                      Sec-Fetch-Site: same-site
                                                                      Sec-Fetch-Dest: empty
                                                                      Referer: https://accounts.google.com/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:10 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                      Access-Control-Max-Age: 86400
                                                                      Access-Control-Allow-Credentials: true
                                                                      Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                      Content-Type: text/plain; charset=UTF-8
                                                                      Date: Fri, 06 Sep 2024 02:29:10 GMT
                                                                      Server: Playlog
                                                                      Content-Length: 0
                                                                      X-XSS-Protection: 0
                                                                      X-Frame-Options: SAMEORIGIN
                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      9 | 192.168.2.4 | 64024 | 142.250.65.174 | 443 | 980 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:10 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                      Host: play.google.com
                                                                      Connection: keep-alive
                                                                      Accept: */*
                                                                      Access-Control-Request-Method: POST
                                                                      Access-Control-Request-Headers: x-goog-authuser
                                                                      Origin: https://accounts.google.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Sec-Fetch-Mode: cors
                                                                      Sec-Fetch-Site: same-site
                                                                      Sec-Fetch-Dest: empty
                                                                      Referer: https://accounts.google.com/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:10 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                      Access-Control-Max-Age: 86400
                                                                      Access-Control-Allow-Credentials: true
                                                                      Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                      Content-Type: text/plain; charset=UTF-8
                                                                      Date: Fri, 06 Sep 2024 02:29:10 GMT
                                                                      Server: Playlog
                                                                      Content-Length: 0
                                                                      X-XSS-Protection: 0
                                                                      X-Frame-Options: SAMEORIGIN
                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      10 | 192.168.2.4 | 64026 | 152.195.19.97 | 443 | 980 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:10 UTC | 618 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726194545&P2=404&P3=2&P4=ivlTTU8PJHcO%2bYUXZdv9L2b%2bcXx377nank8KX5knyJZ%2bbXDAq0tO4gj9zf4x2xw4MoxU1wef1XjsggZSzUWgzQ%3d%3d HTTP/1.1
                                                                      Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                      Connection: keep-alive
                                                                      MS-CV: hTbIEGYFFur6PbAV4JOVir
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:10 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                      Accept-Ranges: bytes
                                                                      Age: 5516281
                                                                      Cache-Control: public, max-age=17280000
                                                                      Content-Type: application/x-chrome-extension
                                                                      Date: Fri, 06 Sep 2024 02:29:10 GMT
                                                                      Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                      Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                      MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                      MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                      MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                      Server: ECAcc (nyd/D11E)
                                                                      X-AspNet-Version: 4.0.30319
                                                                      X-AspNetMvc-Version: 5.3
                                                                      X-Cache: HIT
                                                                      X-CCC: US
                                                                      X-CID: 11
                                                                      X-Powered-By: ASP.NET
                                                                      X-Powered-By: ARR/3.0
                                                                      X-Powered-By: ASP.NET
                                                                      Content-Length: 11185
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      11 | 192.168.2.4 | 64028 | 142.250.80.68 | 443 | 980 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:11 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                                      Host: www.google.com
                                                                      Connection: keep-alive
                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                      sec-ch-ua-mobile: ?0
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      sec-ch-ua-arch: "x86"
                                                                      sec-ch-ua-full-version: "117.0.2045.47"
                                                                      sec-ch-ua-platform-version: "10.0.0"
                                                                      sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                      sec-ch-ua-bitness: "64"
                                                                      sec-ch-ua-model: ""
                                                                      sec-ch-ua-wow64: ?0
                                                                      sec-ch-ua-platform: "Windows"
                                                                      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                      Sec-Fetch-Site: same-site
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: image
                                                                      Referer: https://accounts.google.com/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:11 UTC | 704 | IN | HTTP/1.1 200 OK
                                                                      Accept-Ranges: bytes
                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                      Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                      Content-Length: 5430
                                                                      X-Content-Type-Options: nosniff
                                                                      Server: sffe
                                                                      X-XSS-Protection: 0
                                                                      Date: Fri, 06 Sep 2024 02:18:15 GMT
                                                                      Expires: Sat, 14 Sep 2024 02:18:15 GMT
                                                                      Cache-Control: public, max-age=691200
                                                                      Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                      Content-Type: image/x-icon
                                                                      Vary: Accept-Encoding
                                                                      Age: 656
                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      12 | 192.168.2.4 | 64029 | 184.28.90.27 | 443
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:11 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      User-Agent: Microsoft BITS/7.8
                                                                      Host: fs.microsoft.com
                                                                      2024-09-06 02:29:11 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                      Content-Type: application/octet-stream
                                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                      Server: ECAcc (lpl/EF67)
                                                                      X-CID: 11
                                                                      X-Ms-ApiVersion: Distribute 1.2
                                                                      X-Ms-Region: prod-weu-z1
                                                                      Cache-Control: public, max-age=51389
                                                                      Date: Fri, 06 Sep 2024 02:29:11 GMT
                                                                      Connection: close
                                                                      X-CID: 2


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      13 | 192.168.2.4 | 64032 | 184.28.90.27 | 443
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:12 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                      Range: bytes=0-2147483646
                                                                      User-Agent: Microsoft BITS/7.8
                                                                      Host: fs.microsoft.com
                                                                      2024-09-06 02:29:12 UTC | 514 | IN | HTTP/1.1 200 OK
                                                                      ApiVersion: Distribute 1.1
                                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                      Content-Type: application/octet-stream
                                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                      Server: ECAcc (lpl/EF06)
                                                                      X-CID: 11
                                                                      X-Ms-ApiVersion: Distribute 1.2
                                                                      X-Ms-Region: prod-weu-z1
                                                                      Cache-Control: public, max-age=51442
                                                                      Date: Fri, 06 Sep 2024 02:29:12 GMT
                                                                      Content-Length: 55
                                                                      Connection: close
                                                                      X-CID: 2
                                                                      2024-09-06 02:29:12 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      14 | 192.168.2.4 | 64035 | 142.251.40.234 | 443 | 980 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:13 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                      Host: www.googleapis.com
                                                                      Connection: keep-alive
                                                                      Content-Length: 119
                                                                      Content-Type: application/json
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: empty
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:29:13 UTC | 119 | OUT | Data Ascii: {"hash":"I5kaapk0LgRld6nbkbD4QxT8q2nKnj0OVaahInWRpJw=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                      2024-09-06 02:29:13 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                      Content-Type: application/json; charset=UTF-8
                                                                      Vary: Origin
                                                                      Vary: X-Origin
                                                                      Vary: Referer
                                                                      Date: Fri, 06 Sep 2024 02:29:13 GMT
                                                                      Server: ESF
                                                                      Content-Length: 483
                                                                      X-XSS-Protection: 0
                                                                      X-Frame-Options: SAMEORIGIN
                                                                      X-Content-Type-Options: nosniff
                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                      Connection: close
                                                                      2024-09-06 02:29:13 UTC | 483 | IN | Data Ascii: { "protocol_version": 1, "signature": "VXmnVtJNJ5YGcaVo2QO4urerDKjNEKFcvLkeG4W53knQ6vb4rgtHjNbae51TdHp9z7R9qza6+BMYL56T5apVJZgsZliEvVZUHNxKby9gJCFPRuDD7NdidQBnP+ZY9iICMweIfy8s5uFkQz3+nsk6hMObtc1a8FCjy3fdRrZEVck8Cr2M6AiR/OOcNV/GzD0gw+JihFtCgQmwprFwjnCl


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      15 | 192.168.2.4 | 64036 | 40.127.169.103 | 443 | |
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:17 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8SeTfecz+acdClL&MD=oBV8zNce HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Accept: */*
                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                      Host: slscr.update.microsoft.com
                                                                      2024-09-06 02:29:17 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Content-Type: application/octet-stream
                                                                      Expires: -1
                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                      MS-CorrelationId: 6761b624-830a-4c27-b119-0510164cb5ce
                                                                      MS-RequestId: 30e9bc7f-cf6e-419f-9cbd-8087759547e3
                                                                      MS-CV: FuBGjR/OZkGrweUW.0
                                                                      X-Microsoft-SLSClientCache: 2880
                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                      X-Content-Type-Options: nosniff
                                                                      Date: Fri, 06 Sep 2024 02:29:16 GMT
                                                                      Connection: close
                                                                      Content-Length: 24490
                                                                      2024-09-06 02:29:17 UTC | 15824 | IN | [binary data]
                                                                      2024-09-06 02:29:17 UTC | 8666 | IN | [binary data]


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      16 | 192.168.2.4 | 64054 | 40.127.169.103 | 443 | |
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:29:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8SeTfecz+acdClL&MD=oBV8zNce HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Accept: */*
                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                      Host: slscr.update.microsoft.com
                                                                      2024-09-06 02:29:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Content-Type: application/octet-stream
                                                                      Expires: -1
                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                      MS-CorrelationId: 88d403bd-6f87-4079-8441-4c4b83f857b8
                                                                      MS-RequestId: 8ac48efb-0e71-466d-abda-75edee02bf97
                                                                      MS-CV: 9VzuVnq6QEqcs7Sp.0
                                                                      X-Microsoft-SLSClientCache: 1440
                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                      X-Content-Type-Options: nosniff
                                                                      Date: Fri, 06 Sep 2024 02:29:54 GMT
                                                                      Connection: close
                                                                      Content-Length: 30005
                                                                      2024-09-06 02:29:55 UTC | 15824 | IN | [binary data]
                                                                      2024-09-06 02:29:55 UTC | 14181 | IN | [binary data]


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      17 | 192.168.2.4 | 64056 | 23.43.85.147 | 443 | 980 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-09-06 02:30:05 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                      Host: bzib.nelreports.net
                                                                      Connection: keep-alive
                                                                      Origin: https://business.bing.com
                                                                      Access-Control-Request-Method: POST
                                                                      Access-Control-Request-Headers: content-type
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                      2024-09-06 02:30:05 UTC | 331 | IN | HTTP/1.1 429 Too Many Requests
                                                                      Content-Length: 0
                                                                      Date: Fri, 06 Sep 2024 02:30:05 GMT
                                                                      Connection: close
                                                                      PMUSER_FORMAT_QS:
                                                                      X-CDN-TraceId: 0.d398d817.1725589805.db626e7
                                                                      Access-Control-Allow-Credentials: false
                                                                      Access-Control-Allow-Methods: *
                                                                      Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                      Access-Control-Allow-Origin: *



                                                                      Target ID:0
                                                                      Start time:22:28:57
                                                                      Start date:05/09/2024
                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                      Imagebase:0x890000
                                                                      File size:917'504 bytes
                                                                      MD5 hash:CF73057EBAA15BFAD9EB26C58673A09F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:1
                                                                      Start time:22:28:57
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:2
                                                                      Start time:22:28:57
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                      Imagebase:0x7ff6bf500000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:3
                                                                      Start time:22:28:58
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                      Imagebase:0x7ff6bf500000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:5
                                                                      Start time:22:28:58
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                      Imagebase:0x7ff6bf500000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:6
                                                                      Start time:22:28:58
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:false

                                                                      Target ID:7
                                                                      Start time:22:28:58
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2160,i,12230124346350487686,4586289073362470680,262144 /prefetch:3
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:8
                                                                      Start time:22:29:00
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:3
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:false

                                                                      Target ID:10
                                                                      Start time:22:29:04
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6460 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:11
                                                                      Start time:22:29:04
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6660 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:12
                                                                      Start time:22:29:04
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2208 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60045bef-c6b5-4b83-a1d5-475441a028f4} 7944 "\\.\pipe\gecko-crash-server-pipe.7944" 13c7826b310 socket
                                                                      Imagebase:0x7ff6bf500000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:14
                                                                      Start time:22:29:06
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
                                                                      Imagebase:0x7ff768a60000
                                                                      File size:1'255'976 bytes
                                                                      MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:15
                                                                      Start time:22:29:06
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
                                                                      Imagebase:0x7ff768a60000
                                                                      File size:1'255'976 bytes
                                                                      MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:16
                                                                      Start time:22:29:08
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc346fd-9362-40ab-a4e2-817e26eddda9} 7944 "\\.\pipe\gecko-crash-server-pipe.7944" 13c0a450f10 rdd
                                                                      Imagebase:0x7ff6bf500000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:false

                                                                      Target ID:18
                                                                      Start time:22:29:17
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:19
                                                                      Start time:22:29:17
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2024,i,1286031549067182449,3591622684880589910,262144 /prefetch:3
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:22
                                                                      Start time:22:29:25
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:23
                                                                      Start time:22:29:25
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2020,i,4537570677945774766,5280682517865062505,262144 /prefetch:3
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:24
                                                                      Start time:22:29:59
                                                                      Start date:05/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6456 --field-trial-handle=2468,i,7130470849918700907,4548319949972494757,262144 /prefetch:8
                                                                      Imagebase:0x7ff67dcd0000
                                                                      File size:4'210'216 bytes
                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:false

                                                                        Execution Graph

                                                                        Execution Coverage:1.9%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:4.7%
                                                                        Total number of Nodes:1406
                                                                        Total number of Limit Nodes:37
96454->96608 96632 90359c 82 API calls __wsopen_s 96454->96632 96455->96454 96456->96454 96456->96455 96457->96454 96459->96454 96460->96459 96461->96454 96479 89dbc0 96462->96479 96463->96479 96606 8ae300 23 API calls 96464->96606 96465 8ae551 timeGetTime 96465->96479 96468 8e2c0b GetExitCodeProcess 96470 8e2c37 CloseHandle 96468->96470 96471 8e2c21 WaitForSingleObject 96468->96471 96470->96479 96471->96454 96471->96470 96472 8e2a31 96472->96474 96473 9229bf GetForegroundWindow 96473->96479 96475 8e2ca9 Sleep 96475->96454 96479->96454 96479->96465 96479->96468 96479->96472 96479->96473 96479->96474 96479->96475 96633 915658 23 API calls 96479->96633 96634 8fe97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96479->96634 96635 8fd4dc CreateToolhelp32Snapshot Process32FirstW 96479->96635 96486 89dd6f 96485->96486 96487 89dd83 96485->96487 96645 89d260 96486->96645 96677 90359c 82 API calls __wsopen_s 96487->96677 96490 89dd7a 96490->96454 96491 8e2f75 96491->96491 96493 8a17b0 96492->96493 96494 8a1376 96492->96494 96699 8b0242 5 API calls __Init_thread_wait 96493->96699 96495 8a1390 96494->96495 96496 8e6331 96494->96496 96498 8a1940 9 API calls 96495->96498 96499 8e633d 96496->96499 96704 91709c 185 API calls 96496->96704 96502 8a13a0 96498->96502 96499->96454 96501 8a17ba 96503 8a17fb 96501->96503 96505 899cb3 22 API calls 96501->96505 96504 8a1940 9 API calls 96502->96504 96507 8e6346 96503->96507 96509 8a182c 96503->96509 96506 8a13b6 96504->96506 96512 8a17d4 96505->96512 96506->96503 96508 8a13ec 96506->96508 96705 90359c 82 API calls __wsopen_s 96507->96705 96508->96507 96532 8a1408 __fread_nolock 96508->96532 96701 89aceb 23 API calls ISource 96509->96701 96700 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96512->96700 96513 8e6369 96513->96454 96514 8a1839 96702 8ad217 185 API calls 96514->96702 96517 8e636e 96706 90359c 82 API calls __wsopen_s 96517->96706 96518 8a152f 96520 8a153c 
96518->96520 96521 8e63d1 96518->96521 96523 8a1940 9 API calls 96520->96523 96708 915745 54 API calls _wcslen 96521->96708 96524 8a1549 96523->96524 96529 8a1940 9 API calls 96524->96529 96534 8e64fa 96524->96534 96525 8afddb 22 API calls 96525->96532 96526 8a1872 96703 8afaeb 23 API calls 96526->96703 96527 8afe0b 22 API calls 96527->96532 96530 8a1563 96529->96530 96530->96534 96539 8a15c7 ISource 96530->96539 96709 89a8c7 22 API calls __fread_nolock 96530->96709 96532->96513 96532->96514 96532->96517 96532->96518 96532->96525 96532->96527 96533 89ec40 185 API calls 96532->96533 96535 8e63b2 96532->96535 96533->96532 96534->96513 96710 90359c 82 API calls __wsopen_s 96534->96710 96707 90359c 82 API calls __wsopen_s 96535->96707 96538 8a1940 9 API calls 96538->96539 96539->96513 96539->96526 96539->96534 96539->96538 96541 8a167b ISource 96539->96541 96685 91ac5b 96539->96685 96688 91a2ea 96539->96688 96693 905c5a 96539->96693 96540 8a171d 96540->96454 96541->96540 96698 8ace17 22 API calls ISource 96541->96698 96546->96454 96775 89adf0 96547->96775 96549 89bf9d 96550 89bfa9 96549->96550 96551 8e04b6 96549->96551 96553 8e04c6 96550->96553 96554 89c01e 96550->96554 96794 90359c 82 API calls __wsopen_s 96551->96794 96795 90359c 82 API calls __wsopen_s 96553->96795 96780 89ac91 96554->96780 96557 89c7da 96561 8afe0b 22 API calls 96557->96561 96569 89c808 __fread_nolock 96561->96569 96563 8e04f5 96566 8e055a 96563->96566 96796 8ad217 185 API calls 96563->96796 96604 89c603 96566->96604 96797 90359c 82 API calls __wsopen_s 96566->96797 96567 8afe0b 22 API calls 96595 89c350 ISource __fread_nolock 96567->96595 96568 89af8a 22 API calls 96603 89c039 ISource __fread_nolock 96568->96603 96569->96567 96570 8f7120 22 API calls 96570->96603 96571 8e091a 96807 903209 23 API calls 96571->96807 96574 89ec40 185 API calls 96574->96603 96575 8e08a5 96576 89ec40 185 API calls 96575->96576 96578 8e08cf 96576->96578 96578->96604 96805 89a81b 41 API calls 96578->96805 96579 8e0591 
96798 90359c 82 API calls __wsopen_s 96579->96798 96580 8e08f6 96806 90359c 82 API calls __wsopen_s 96580->96806 96584 89bbe0 40 API calls 96584->96603 96586 89c3ac 96586->96454 96588 89c237 96589 89c253 96588->96589 96808 89a8c7 22 API calls __fread_nolock 96588->96808 96592 8e0976 96589->96592 96598 89c297 ISource 96589->96598 96591 8afe0b 22 API calls 96591->96603 96809 89aceb 23 API calls ISource 96592->96809 96594 8afddb 22 API calls 96594->96603 96595->96586 96793 8ace17 22 API calls ISource 96595->96793 96597 8e09bf 96597->96604 96810 90359c 82 API calls __wsopen_s 96597->96810 96598->96597 96791 89aceb 23 API calls ISource 96598->96791 96600 89c335 96600->96597 96601 89c342 96600->96601 96792 89a704 22 API calls ISource 96601->96792 96603->96557 96603->96563 96603->96566 96603->96568 96603->96569 96603->96570 96603->96571 96603->96574 96603->96575 96603->96579 96603->96580 96603->96584 96603->96588 96603->96591 96603->96594 96603->96597 96603->96604 96784 89ad81 96603->96784 96799 8f7099 22 API calls __fread_nolock 96603->96799 96800 915745 54 API calls _wcslen 96603->96800 96801 8aaa42 22 API calls ISource 96603->96801 96802 8ff05c 40 API calls 96603->96802 96803 89a993 41 API calls 96603->96803 96804 89aceb 23 API calls ISource 96603->96804 96604->96454 96605->96454 96606->96454 96607->96454 96626 89ec76 ISource 96608->96626 96609 8afddb 22 API calls 96609->96626 96610 89fef7 96624 89ed9d ISource 96610->96624 96823 89a8c7 22 API calls __fread_nolock 96610->96823 96613 8e4600 96613->96624 96822 89a8c7 22 API calls __fread_nolock 96613->96822 96614 8e4b0b 96825 90359c 82 API calls __wsopen_s 96614->96825 96618 89a8c7 22 API calls 96618->96626 96621 8b0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96621->96626 96622 89fbe3 96622->96624 96625 8e4bdc 96622->96625 96631 89f3ae ISource 96622->96631 96623 89a961 22 API calls 96623->96626 96624->96454 96826 90359c 82 API calls __wsopen_s 96625->96826 
96626->96609 96626->96610 96626->96613 96626->96614 96626->96618 96626->96621 96626->96622 96626->96623 96626->96624 96627 8b00a3 29 API calls pre_c_initialization 96626->96627 96629 8e4beb 96626->96629 96630 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96626->96630 96626->96631 96820 8a01e0 185 API calls 2 library calls 96626->96820 96821 8a06a0 41 API calls ISource 96626->96821 96627->96626 96827 90359c 82 API calls __wsopen_s 96629->96827 96630->96626 96631->96624 96824 90359c 82 API calls __wsopen_s 96631->96824 96632->96454 96633->96479 96634->96479 96828 8fdef7 96635->96828 96637 8fd5db FindCloseChangeNotification 96637->96479 96638 8fd529 Process32NextW 96638->96637 96639 8fd522 96638->96639 96639->96637 96639->96638 96640 89a961 22 API calls 96639->96640 96641 899cb3 22 API calls 96639->96641 96834 89525f 22 API calls 96639->96834 96835 896350 22 API calls 96639->96835 96836 8ace60 41 API calls 96639->96836 96640->96639 96641->96639 96646 89ec40 185 API calls 96645->96646 96666 89d29d 96646->96666 96647 8e1bc4 96684 90359c 82 API calls __wsopen_s 96647->96684 96649 89d30b ISource 96649->96490 96650 89d3c3 96651 89d6d5 96650->96651 96652 89d3ce 96650->96652 96651->96649 96660 8afe0b 22 API calls 96651->96660 96654 8afddb 22 API calls 96652->96654 96653 89d5ff 96655 8e1bb5 96653->96655 96656 89d614 96653->96656 96664 89d3d5 __fread_nolock 96654->96664 96683 915705 23 API calls 96655->96683 96659 8afddb 22 API calls 96656->96659 96657 89d4b8 96661 8afe0b 22 API calls 96657->96661 96670 89d46a 96659->96670 96660->96664 96672 89d429 ISource __fread_nolock 96661->96672 96662 8afddb 22 API calls 96663 89d3f6 96662->96663 96663->96672 96678 89bec0 185 API calls 96663->96678 96664->96662 96664->96663 96665 8afddb 22 API calls 96665->96666 96666->96647 96666->96649 96666->96650 96666->96651 96666->96657 96666->96665 96666->96672 96668 8e1ba4 96682 90359c 82 API calls __wsopen_s 96668->96682 96670->96490 96672->96653 
96672->96668 96672->96670 96673 8e1b7f 96672->96673 96675 8e1b5d 96672->96675 96679 891f6f 185 API calls 96672->96679 96681 90359c 82 API calls __wsopen_s 96673->96681 96680 90359c 82 API calls __wsopen_s 96675->96680 96677->96491 96678->96672 96679->96672 96680->96670 96681->96670 96682->96670 96683->96647 96684->96649 96711 91ad64 96685->96711 96687 91ac6f 96687->96539 96689 897510 53 API calls 96688->96689 96690 91a306 96689->96690 96691 8fd4dc 47 API calls 96690->96691 96692 91a315 96691->96692 96692->96539 96694 897510 53 API calls 96693->96694 96695 905c6d 96694->96695 96770 8fdbbe lstrlenW 96695->96770 96697 905c77 96697->96539 96698->96541 96699->96501 96700->96503 96701->96514 96702->96526 96703->96526 96704->96499 96705->96513 96706->96513 96707->96513 96708->96530 96709->96539 96710->96513 96712 89a961 22 API calls 96711->96712 96713 91ad77 ___scrt_fastfail 96712->96713 96714 897510 53 API calls 96713->96714 96729 91adce 96713->96729 96716 91adab 96714->96716 96715 91ae3a 96727 91ae4d ___scrt_fastfail 96715->96727 96765 89b567 39 API calls 96715->96765 96720 897510 53 API calls 96716->96720 96716->96729 96717 897510 53 API calls 96719 91ade4 96717->96719 96718 897510 53 API calls 96725 91ae04 96718->96725 96763 897620 22 API calls _wcslen 96719->96763 96722 91adc4 96720->96722 96762 897620 22 API calls _wcslen 96722->96762 96724 91adee 96724->96715 96724->96718 96725->96715 96731 897510 53 API calls 96725->96731 96739 897510 96727->96739 96729->96717 96729->96724 96732 91ae28 96731->96732 96732->96715 96764 89a8c7 22 API calls __fread_nolock 96732->96764 96734 91aec8 96734->96687 96735 91aeb0 96735->96734 96736 91af35 GetProcessId 96735->96736 96737 91af48 96736->96737 96738 91af58 CloseHandle 96737->96738 96738->96734 96740 897522 ShellExecuteExW 96739->96740 96741 897525 96739->96741 96740->96735 96742 89755b 96741->96742 96743 89752d 96741->96743 96745 8d50f6 96742->96745 96748 89756d 96742->96748 96753 8d500f 96742->96753 96766 8b51c6 26 API calls 
96743->96766 96769 8b5183 26 API calls 96745->96769 96746 89753d 96752 8afddb 22 API calls 96746->96752 96767 8afb21 51 API calls 96748->96767 96749 8d510e 96749->96749 96754 897547 96752->96754 96756 8afe0b 22 API calls 96753->96756 96761 8d5088 96753->96761 96755 899cb3 22 API calls 96754->96755 96755->96740 96757 8d5058 96756->96757 96758 8afddb 22 API calls 96757->96758 96759 8d507f 96758->96759 96760 899cb3 22 API calls 96759->96760 96760->96761 96768 8afb21 51 API calls 96761->96768 96762->96729 96763->96724 96764->96715 96765->96727 96766->96746 96767->96746 96768->96745 96769->96749 96771 8fdbdc GetFileAttributesW 96770->96771 96772 8fdc06 96770->96772 96771->96772 96773 8fdbe8 FindFirstFileW 96771->96773 96772->96697 96773->96772 96774 8fdbf9 FindClose 96773->96774 96774->96772 96776 89ae01 96775->96776 96779 89ae1c ISource 96775->96779 96777 89aec9 22 API calls 96776->96777 96778 89ae09 CharUpperBuffW 96777->96778 96778->96779 96779->96549 96781 89acae 96780->96781 96782 89acd1 96781->96782 96811 90359c 82 API calls __wsopen_s 96781->96811 96782->96603 96785 8dfadb 96784->96785 96786 89ad92 96784->96786 96787 8afddb 22 API calls 96786->96787 96788 89ad99 96787->96788 96812 89adcd 96788->96812 96791->96600 96792->96595 96793->96595 96794->96553 96795->96604 96796->96566 96797->96604 96798->96604 96799->96603 96800->96603 96801->96603 96802->96603 96803->96603 96804->96603 96805->96580 96806->96604 96807->96588 96808->96589 96809->96597 96810->96604 96811->96782 96816 89addd 96812->96816 96813 89adb6 96813->96603 96814 8afddb 22 API calls 96814->96816 96815 89a961 22 API calls 96815->96816 96816->96813 96816->96814 96816->96815 96818 89adcd 22 API calls 96816->96818 96819 89a8c7 22 API calls __fread_nolock 96816->96819 96818->96816 96819->96816 96820->96626 96821->96626 96822->96624 96823->96624 96824->96624 96825->96624 96826->96629 96827->96624 96832 8fdf02 96828->96832 96829 8fdf19 96838 8b62fb 39 API calls 96829->96838 96832->96829 96833 8fdf1f 
96832->96833 96837 8b63b2 GetStringTypeW _strftime 96832->96837 96833->96639 96834->96639 96835->96639 96836->96639 96837->96832 96838->96833 96839 8c8402 96844 8c81be 96839->96844 96842 8c842a 96849 8c81ef try_get_first_available_module 96844->96849 96846 8c83ee 96863 8c27ec 26 API calls _abort 96846->96863 96848 8c8343 96848->96842 96856 8d0984 96848->96856 96852 8c8338 96849->96852 96859 8b8e0b 40 API calls 2 library calls 96849->96859 96851 8c838c 96851->96852 96860 8b8e0b 40 API calls 2 library calls 96851->96860 96852->96848 96862 8bf2d9 20 API calls __dosmaperr 96852->96862 96854 8c83ab 96854->96852 96861 8b8e0b 40 API calls 2 library calls 96854->96861 96864 8d0081 96856->96864 96858 8d099f 96858->96842 96859->96851 96860->96854 96861->96852 96862->96846 96863->96848 96865 8d008d ___scrt_is_nonwritable_in_current_image 96864->96865 96866 8d009b 96865->96866 96869 8d00d4 96865->96869 96921 8bf2d9 20 API calls __dosmaperr 96866->96921 96868 8d00a0 96922 8c27ec 26 API calls _abort 96868->96922 96875 8d065b 96869->96875 96874 8d00aa __fread_nolock 96874->96858 96876 8d0678 96875->96876 96877 8d068d 96876->96877 96878 8d06a6 96876->96878 96938 8bf2c6 20 API calls __dosmaperr 96877->96938 96924 8c5221 96878->96924 96881 8d06ab 96882 8d06cb 96881->96882 96883 8d06b4 96881->96883 96937 8d039a CreateFileW 96882->96937 96940 8bf2c6 20 API calls __dosmaperr 96883->96940 96887 8d06b9 96941 8bf2d9 20 API calls __dosmaperr 96887->96941 96888 8d0704 96889 8d0781 GetFileType 96888->96889 96893 8d0756 GetLastError 96888->96893 96942 8d039a CreateFileW 96888->96942 96894 8d078c GetLastError 96889->96894 96895 8d07d3 96889->96895 96890 8d00f8 96923 8d0121 LeaveCriticalSection __wsopen_s 96890->96923 96892 8d0692 96939 8bf2d9 20 API calls __dosmaperr 96892->96939 96943 8bf2a3 20 API calls __dosmaperr 96893->96943 96944 8bf2a3 20 API calls __dosmaperr 96894->96944 96946 8c516a 21 API calls 2 library calls 96895->96946 96899 8d079a CloseHandle 96899->96892 96900 8d07c3 
96899->96900 96945 8bf2d9 20 API calls __dosmaperr 96900->96945 96902 8d0749 96902->96889 96902->96893 96904 8d07f4 96906 8d0840 96904->96906 96947 8d05ab 72 API calls 3 library calls 96904->96947 96905 8d07c8 96905->96892 96910 8d086d 96906->96910 96948 8d014d 72 API calls 4 library calls 96906->96948 96909 8d0866 96909->96910 96911 8d087e 96909->96911 96912 8c86ae __wsopen_s 29 API calls 96910->96912 96911->96890 96913 8d08fc CloseHandle 96911->96913 96912->96890 96949 8d039a CreateFileW 96913->96949 96915 8d0927 96916 8d0931 GetLastError 96915->96916 96917 8d095d 96915->96917 96950 8bf2a3 20 API calls __dosmaperr 96916->96950 96917->96890 96919 8d093d 96951 8c5333 21 API calls 2 library calls 96919->96951 96921->96868 96922->96874 96923->96874 96925 8c522d ___scrt_is_nonwritable_in_current_image 96924->96925 96952 8c2f5e EnterCriticalSection 96925->96952 96927 8c527b 96953 8c532a 96927->96953 96928 8c5234 96928->96927 96929 8c5259 96928->96929 96934 8c52c7 EnterCriticalSection 96928->96934 96956 8c5000 96929->96956 96932 8c52a4 __fread_nolock 96932->96881 96934->96927 96935 8c52d4 LeaveCriticalSection 96934->96935 96935->96928 96937->96888 96938->96892 96939->96890 96940->96887 96941->96892 96942->96902 96943->96892 96944->96899 96945->96905 96946->96904 96947->96906 96948->96909 96949->96915 96950->96919 96951->96917 96952->96928 96964 8c2fa6 LeaveCriticalSection 96953->96964 96955 8c5331 96955->96932 96957 8c4c7d __dosmaperr 20 API calls 96956->96957 96958 8c5012 96957->96958 96962 8c501f 96958->96962 96965 8c3405 11 API calls 2 library calls 96958->96965 96959 8c29c8 _free 20 API calls 96961 8c5071 96959->96961 96961->96927 96963 8c5147 EnterCriticalSection 96961->96963 96962->96959 96963->96927 96964->96955 96965->96958 96966 8d2402 96969 891410 96966->96969 96970 8d24b8 DestroyWindow 96969->96970 96971 89144f mciSendStringW 96969->96971 96984 8d24c4 96970->96984 96972 89146b 96971->96972 96973 8916c6 96971->96973 96974 891479 96972->96974 96972->96984 
96973->96972 96975 8916d5 UnregisterHotKey 96973->96975 97002 89182e 96974->97002 96975->96973 96977 8d24d8 96977->96984 97008 896246 CloseHandle 96977->97008 96978 8d24e2 FindClose 96978->96984 96980 8d2509 96983 8d251c FreeLibrary 96980->96983 96985 8d252d 96980->96985 96982 89148e 96982->96985 96991 89149c 96982->96991 96983->96980 96984->96977 96984->96978 96984->96980 96986 8d2541 VirtualFree 96985->96986 96993 891509 96985->96993 96986->96985 96987 8914f8 OleUninitialize 96987->96993 96988 8d2589 96995 8d2598 ISource 96988->96995 97009 9032eb 6 API calls ISource 96988->97009 96989 891514 96992 891524 96989->96992 96991->96987 97006 891944 VirtualFreeEx CloseHandle 96992->97006 96993->96988 96993->96989 96998 8d2627 96995->96998 97010 8f64d4 22 API calls ISource 96995->97010 96997 89153a 96997->96995 96999 89161f 96997->96999 96998->96998 96999->96998 97007 891876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96999->97007 97001 8916c1 97003 89183b 97002->97003 97004 891480 97003->97004 97011 8f702a 22 API calls 97003->97011 97004->96980 97004->96982 97006->96997 97007->97001 97008->96977 97009->96988 97010->96995 97011->97003 97012 8b03fb 97013 8b0407 ___scrt_is_nonwritable_in_current_image 97012->97013 97041 8afeb1 97013->97041 97015 8b040e 97016 8b0561 97015->97016 97019 8b0438 97015->97019 97071 8b083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97016->97071 97018 8b0568 97064 8b4e52 97018->97064 97030 8b0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 97019->97030 97052 8c247d 97019->97052 97026 8b0457 97028 8b04d8 97060 8b0959 97028->97060 97030->97028 97067 8b4e1a 38 API calls 2 library calls 97030->97067 97032 8b04de 97033 8b04f3 97032->97033 97068 8b0992 GetModuleHandleW 97033->97068 97035 8b04fa 97035->97018 97036 8b04fe 97035->97036 97037 8b0507 97036->97037 97069 8b4df5 28 API calls _abort 97036->97069 97070 8b0040 13 API calls 2 
library calls 97037->97070 97040 8b050f 97040->97026 97042 8afeba 97041->97042 97073 8b0698 IsProcessorFeaturePresent 97042->97073 97044 8afec6 97074 8b2c94 10 API calls 3 library calls 97044->97074 97046 8afecb 97051 8afecf 97046->97051 97075 8c2317 97046->97075 97049 8afee6 97049->97015 97051->97015 97053 8c2494 97052->97053 97054 8b0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97053->97054 97055 8b0451 97054->97055 97055->97026 97056 8c2421 97055->97056 97057 8c2450 97056->97057 97058 8b0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97057->97058 97059 8c2479 97058->97059 97059->97030 97126 8b2340 97060->97126 97063 8b097f 97063->97032 97128 8b4bcf 97064->97128 97067->97028 97068->97035 97069->97037 97070->97040 97071->97018 97073->97044 97074->97046 97079 8cd1f6 97075->97079 97078 8b2cbd 8 API calls 3 library calls 97078->97051 97080 8cd213 97079->97080 97083 8cd20f 97079->97083 97080->97083 97085 8c4bfb 97080->97085 97082 8afed8 97082->97049 97082->97078 97097 8b0a8c 97083->97097 97086 8c4c07 ___scrt_is_nonwritable_in_current_image 97085->97086 97104 8c2f5e EnterCriticalSection 97086->97104 97088 8c4c0e 97105 8c50af 97088->97105 97090 8c4c1d 97091 8c4c2c 97090->97091 97118 8c4a8f 29 API calls 97090->97118 97120 8c4c48 LeaveCriticalSection _abort 97091->97120 97094 8c4c3d __fread_nolock 97094->97080 97095 8c4c27 97119 8c4b45 GetStdHandle GetFileType 97095->97119 97098 8b0a97 IsProcessorFeaturePresent 97097->97098 97099 8b0a95 97097->97099 97101 8b0c5d 97098->97101 97099->97082 97125 8b0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97101->97125 97103 8b0d40 97103->97082 97104->97088 97106 8c50bb ___scrt_is_nonwritable_in_current_image 97105->97106 97107 8c50df 97106->97107 97108 8c50c8 97106->97108 97121 8c2f5e EnterCriticalSection 97107->97121 97122 8bf2d9 20 API calls __dosmaperr 97108->97122 97111 8c50cd 97123 8c27ec 26 API calls _abort 97111->97123 97113 8c50d7 
__fread_nolock 97113->97090 97114 8c50eb 97116 8c5000 __wsopen_s 21 API calls 97114->97116 97117 8c5117 97114->97117 97116->97114 97124 8c513e LeaveCriticalSection _abort 97117->97124 97118->97095 97119->97091 97120->97094 97121->97114 97122->97111 97123->97113 97124->97113 97125->97103 97127 8b096c GetStartupInfoW 97126->97127 97127->97063 97129 8b4bdb _abort 97128->97129 97130 8b4be2 97129->97130 97131 8b4bf4 97129->97131 97167 8b4d29 GetModuleHandleW 97130->97167 97152 8c2f5e EnterCriticalSection 97131->97152 97134 8b4be7 97134->97131 97168 8b4d6d GetModuleHandleExW 97134->97168 97135 8b4c99 97156 8b4cd9 97135->97156 97139 8b4c70 97143 8b4c88 97139->97143 97147 8c2421 _abort 5 API calls 97139->97147 97141 8b4ce2 97176 8d1d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 97141->97176 97142 8b4cb6 97159 8b4ce8 97142->97159 97148 8c2421 _abort 5 API calls 97143->97148 97147->97143 97148->97135 97149 8b4bfb 97149->97135 97149->97139 97153 8c21a8 97149->97153 97152->97149 97177 8c1ee1 97153->97177 97196 8c2fa6 LeaveCriticalSection 97156->97196 97158 8b4cb2 97158->97141 97158->97142 97197 8c360c 97159->97197 97162 8b4d16 97165 8b4d6d _abort 8 API calls 97162->97165 97163 8b4cf6 GetPEB 97163->97162 97164 8b4d06 GetCurrentProcess TerminateProcess 97163->97164 97164->97162 97166 8b4d1e ExitProcess 97165->97166 97167->97134 97169 8b4dba 97168->97169 97170 8b4d97 GetProcAddress 97168->97170 97171 8b4dc9 97169->97171 97172 8b4dc0 FreeLibrary 97169->97172 97174 8b4dac 97170->97174 97173 8b0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97171->97173 97172->97171 97175 8b4bf3 97173->97175 97174->97169 97175->97131 97180 8c1e90 97177->97180 97179 8c1f05 97179->97139 97181 8c1e9c ___scrt_is_nonwritable_in_current_image 97180->97181 97188 8c2f5e EnterCriticalSection 97181->97188 97183 8c1eaa 97189 8c1f31 97183->97189 97187 8c1ec8 __fread_nolock 97187->97179 97188->97183 97190 8c1f51 97189->97190 97193 8c1f59 97189->97193 97191 8b0a8c 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97190->97191 97192 8c1eb7 97191->97192 97195 8c1ed5 LeaveCriticalSection _abort 97192->97195 97193->97190 97194 8c29c8 _free 20 API calls 97193->97194 97194->97190 97195->97187 97196->97158 97198 8c3627 97197->97198 97199 8c3631 97197->97199 97201 8b0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97198->97201 97204 8c2fd7 5 API calls 2 library calls 97199->97204 97202 8b4cf2 97201->97202 97202->97162 97202->97163 97203 8c3648 97203->97198 97204->97203 97205 891098 97210 8942de 97205->97210 97209 8910a7 97211 89a961 22 API calls 97210->97211 97212 8942f5 GetVersionExW 97211->97212 97213 896b57 22 API calls 97212->97213 97214 894342 97213->97214 97215 8993b2 22 API calls 97214->97215 97227 894378 97214->97227 97216 89436c 97215->97216 97218 8937a0 22 API calls 97216->97218 97217 89441b GetCurrentProcess IsWow64Process 97219 894437 97217->97219 97218->97227 97220 89444f LoadLibraryA 97219->97220 97221 8d3824 GetSystemInfo 97219->97221 97222 89449c GetSystemInfo 97220->97222 97223 894460 GetProcAddress 97220->97223 97224 894476 97222->97224 97223->97222 97226 894470 GetNativeSystemInfo 97223->97226 97228 89447a FreeLibrary 97224->97228 97229 89109d 97224->97229 97225 8d37df 97226->97224 97227->97217 97227->97225 97228->97229 97230 8b00a3 29 API calls __onexit 97229->97230 97230->97209 97231 89105b 97236 89344d 97231->97236 97233 89106a 97267 8b00a3 29 API calls __onexit 97233->97267 97235 891074 97237 89345d __wsopen_s 97236->97237 97238 89a961 22 API calls 97237->97238 97239 893513 97238->97239 97240 893a5a 24 API calls 97239->97240 97241 89351c 97240->97241 97268 893357 97241->97268 97244 8933c6 22 API calls 97245 893535 97244->97245 97246 89515f 22 API calls 97245->97246 97247 893544 97246->97247 97248 89a961 22 API calls 97247->97248 97249 89354d 97248->97249 97250 89a6c3 22 API calls 97249->97250 97251 893556 RegOpenKeyExW 97250->97251 97252 8d3176 RegQueryValueExW 
97251->97252 97256 893578 97251->97256 97253 8d320c RegCloseKey 97252->97253 97254 8d3193 97252->97254 97253->97256 97265 8d321e _wcslen 97253->97265 97255 8afe0b 22 API calls 97254->97255 97257 8d31ac 97255->97257 97256->97233 97258 895722 22 API calls 97257->97258 97259 8d31b7 RegQueryValueExW 97258->97259 97260 8d31d4 97259->97260 97262 8d31ee ISource 97259->97262 97261 896b57 22 API calls 97260->97261 97261->97262 97262->97253 97263 899cb3 22 API calls 97263->97265 97264 89515f 22 API calls 97264->97265 97265->97256 97265->97263 97265->97264 97266 894c6d 22 API calls 97265->97266 97266->97265 97267->97235 97269 8d1f50 __wsopen_s 97268->97269 97270 893364 GetFullPathNameW 97269->97270 97271 893386 97270->97271 97272 896b57 22 API calls 97271->97272 97273 8933a4 97272->97273 97273->97244 97274 89f7bf 97275 89f7d3 97274->97275 97276 89fcb6 97274->97276 97278 89fcc2 97275->97278 97279 8afddb 22 API calls 97275->97279 97311 89aceb 23 API calls ISource 97276->97311 97312 89aceb 23 API calls ISource 97278->97312 97281 89f7e5 97279->97281 97281->97278 97282 89f83e 97281->97282 97283 89fd3d 97281->97283 97285 8a1310 185 API calls 97282->97285 97291 89ed9d ISource 97282->97291 97313 901155 22 API calls 97283->97313 97288 89ec76 ISource 97285->97288 97286 8e4beb 97319 90359c 82 API calls __wsopen_s 97286->97319 97287 8afddb 22 API calls 97287->97288 97288->97286 97288->97287 97289 89fef7 97288->97289 97288->97291 97293 89f3ae ISource 97288->97293 97294 8e4600 97288->97294 97295 8e4b0b 97288->97295 97301 89a8c7 22 API calls 97288->97301 97302 8b0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97288->97302 97303 89fbe3 97288->97303 97304 89a961 22 API calls 97288->97304 97307 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97288->97307 97308 8b00a3 29 API calls pre_c_initialization 97288->97308 97309 8a01e0 185 API calls 2 library calls 97288->97309 97310 8a06a0 41 API 
calls ISource 97288->97310 97289->97291 97315 89a8c7 22 API calls __fread_nolock 97289->97315 97293->97291 97316 90359c 82 API calls __wsopen_s 97293->97316 97294->97291 97314 89a8c7 22 API calls __fread_nolock 97294->97314 97317 90359c 82 API calls __wsopen_s 97295->97317 97301->97288 97302->97288 97303->97291 97303->97293 97305 8e4bdc 97303->97305 97304->97288 97318 90359c 82 API calls __wsopen_s 97305->97318 97307->97288 97308->97288 97309->97288 97310->97288 97311->97278 97312->97283 97313->97291 97314->97291 97315->97291 97316->97291 97317->97291 97318->97286 97319->97291 97320 891033 97325 894c91 97320->97325 97324 891042 97326 89a961 22 API calls 97325->97326 97327 894cff 97326->97327 97333 893af0 97327->97333 97330 894d9c 97331 891038 97330->97331 97336 8951f7 22 API calls __fread_nolock 97330->97336 97332 8b00a3 29 API calls __onexit 97331->97332 97332->97324 97337 893b1c 97333->97337 97336->97330 97338 893b0f 97337->97338 97339 893b29 97337->97339 97338->97330 97339->97338 97340 893b30 RegOpenKeyExW 97339->97340 97340->97338 97341 893b4a RegQueryValueExW 97340->97341 97342 893b6b 97341->97342 97343 893b80 RegCloseKey 97341->97343 97342->97343 97343->97338 97344 8e3f75 97355 8aceb1 97344->97355 97346 8e3f8b 97348 8e4006 97346->97348 97364 8ae300 23 API calls 97346->97364 97349 89bf40 185 API calls 97348->97349 97350 8e4052 97349->97350 97353 8e4a88 97350->97353 97366 90359c 82 API calls __wsopen_s 97350->97366 97352 8e3fe6 97352->97350 97365 901abf 22 API calls 97352->97365 97356 8acebf 97355->97356 97357 8aced2 97355->97357 97367 89aceb 23 API calls ISource 97356->97367 97358 8aced7 97357->97358 97359 8acf05 97357->97359 97361 8afddb 22 API calls 97358->97361 97368 89aceb 23 API calls ISource 97359->97368 97363 8acec9 97361->97363 97363->97346 97364->97352 97365->97348 97366->97353 97367->97363 97368->97363 97369 892e37 97370 89a961 22 API calls 97369->97370 97371 892e4d 97370->97371 97448 894ae3 97371->97448 97373 892e6b 97374 893a5a 24 API calls 

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetVersionExW.KERNEL32(?), ref: 0089430D
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        • GetCurrentProcess.KERNEL32(?,0092CB64,00000000,?,?), ref: 00894422
                                                                        • IsWow64Process.KERNEL32(00000000,?,?), ref: 00894429
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00894454
                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00894466
                                                                        • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00894474
                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0089447B
                                                                        • GetSystemInfo.KERNEL32(?,?,?), ref: 008944A0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                        • String ID: GetNativeSystemInfo$kernel32.dll$|O

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,008950AA,?,?,00000000,00000000), ref: 008942B2
                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008950AA,?,?,00000000,00000000), ref: 008942C9
                                                                        • LoadResource.KERNEL32(?,00000000,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20), ref: 008D35BE
                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20), ref: 008D35D3
                                                                        • LockResource.KERNEL32(008950AA,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20,?), ref: 008D35E6
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                        • String ID: SCRIPT

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
                                                                          • Part of subcall function 00893A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00961418,?,00892E7F,?,?,?,00000000), ref: 00893A78
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • GetForegroundWindow.USER32(runas,?,?,?,?,?,00952224), ref: 008D2C10
                                                                        • ShellExecuteW.SHELL32(00000000,?,?,00952224), ref: 008D2C17
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                        • String ID: runas

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 008FD52F
                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 008FD5DC
                                                                        Similarity
                                                                        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                        • String ID:

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • lstrlenW.KERNEL32(?,008D5222), ref: 008FDBCE
                                                                        • GetFileAttributesW.KERNEL32(?), ref: 008FDBDD
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008FDBEE
                                                                        • FindClose.KERNEL32(00000000), ref: 008FDBFA
                                                                        Similarity
                                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                        • String ID:
                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000,?,008C28E9), ref: 008B4D09
                                                                        • TerminateProcess.KERNEL32(00000000,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000,?,008C28E9), ref: 008B4D10
                                                                        • ExitProcess.KERNEL32 ref: 008B4D22
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitTerminate
                                                                        • String ID:
                                                                        APIs
                                                                        • GetInputState.USER32 ref: 0089D807
                                                                        • timeGetTime.WINMM ref: 0089DA07
                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB28
                                                                        • TranslateMessage.USER32(?), ref: 0089DB7B
                                                                        • DispatchMessageW.USER32(?), ref: 0089DB89
                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB9F
                                                                        • Sleep.KERNEL32(0000000A), ref: 0089DBB1
                                                                        Similarity
                                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                        • String ID:

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00892D07
                                                                        • RegisterClassExW.USER32(00000030), ref: 00892D31
                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00892D42
                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00892D5F
                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00892D6F
                                                                        • LoadIconW.USER32(000000A9), ref: 00892D85
                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00892D94
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                        • API String ID: 2914291525-1005189915
                                                                        • Opcode ID: 9d263ce87585318c35fdb3f4c4721c03d40907a3be102a645db3d041058b1559
                                                                        • Instruction ID: d8e75c74054c9b484bf86a0e4b0cc68cda9cbea8fb14f83711172fb8153c22c3
                                                                        • Opcode Fuzzy Hash: 9d263ce87585318c35fdb3f4c4721c03d40907a3be102a645db3d041058b1559
                                                                        • Instruction Fuzzy Hash: 5721F4B5D69318AFDB10DFA4EC49BDDBBB8FB08701F04411AF611A62A0D7B10545EF91

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 008D039A: CreateFileW.KERNEL32(00000000,00000000,?,008D0704,?,?,00000000,?,008D0704,00000000,0000000C), ref: 008D03B7
                                                                        • GetLastError.KERNEL32 ref: 008D076F
                                                                        • __dosmaperr.LIBCMT ref: 008D0776
                                                                        • GetFileType.KERNEL32(00000000), ref: 008D0782
                                                                        • GetLastError.KERNEL32 ref: 008D078C
                                                                        • __dosmaperr.LIBCMT ref: 008D0795
                                                                        • CloseHandle.KERNEL32(00000000), ref: 008D07B5
                                                                        • CloseHandle.KERNEL32(?), ref: 008D08FF
                                                                        • GetLastError.KERNEL32 ref: 008D0931
                                                                        • __dosmaperr.LIBCMT ref: 008D0938
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                        • String ID: H
                                                                        • API String ID: 4237864984-2852464175
                                                                        • Opcode ID: 0b574bec533af784935a02d02adb354ff64fc9e2adab930d955f6cdbcf702167
                                                                        • Instruction ID: 119ccab581df7f2a219d5ea48e8946f6132d39bc56b26764d01f581f0549dd4d
                                                                        • Opcode Fuzzy Hash: 0b574bec533af784935a02d02adb354ff64fc9e2adab930d955f6cdbcf702167
                                                                        • Instruction Fuzzy Hash: 8AA1F332A141089FDF19AF68DC91BAE7BA0FB46324F14025EF815DF392D6719812DF92

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 00893A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00961418,?,00892E7F,?,?,?,00000000), ref: 00893A78
                                                                          • Part of subcall function 00893357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00893379
                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0089356A
                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008D318D
                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008D31CE
                                                                        • RegCloseKey.ADVAPI32(?), ref: 008D3210
                                                                        • _wcslen.LIBCMT ref: 008D3277
                                                                        • _wcslen.LIBCMT ref: 008D3286
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                        • API String ID: 98802146-2727554177
                                                                        • Opcode ID: 0c04d0d60f291962b39834b1dc7d50341e3ea001c3f0e77836e320b4bc66d925
                                                                        • Instruction ID: 28b2afaf81e98b32615296baf8ab3e6081c5133bae45c7e4f4c5896b4e2a66f0
                                                                        • Opcode Fuzzy Hash: 0c04d0d60f291962b39834b1dc7d50341e3ea001c3f0e77836e320b4bc66d925
                                                                        • Instruction Fuzzy Hash: 1571C0714187019EC714EF69EC82C6BBBE8FF95B40F44092EF585C32A0EB708A48DB52

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00892B8E
                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00892B9D
                                                                        • LoadIconW.USER32(00000063), ref: 00892BB3
                                                                        • LoadIconW.USER32(000000A4), ref: 00892BC5
                                                                        • LoadIconW.USER32(000000A2), ref: 00892BD7
                                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00892BEF
                                                                        • RegisterClassExW.USER32(?), ref: 00892C40
                                                                          • Part of subcall function 00892CD4: GetSysColorBrush.USER32(0000000F), ref: 00892D07
                                                                          • Part of subcall function 00892CD4: RegisterClassExW.USER32(00000030), ref: 00892D31
                                                                          • Part of subcall function 00892CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00892D42
                                                                          • Part of subcall function 00892CD4: InitCommonControlsEx.COMCTL32(?), ref: 00892D5F
                                                                          • Part of subcall function 00892CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00892D6F
                                                                          • Part of subcall function 00892CD4: LoadIconW.USER32(000000A9), ref: 00892D85
                                                                          • Part of subcall function 00892CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00892D94
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                        • String ID: #$0$AutoIt v3
                                                                        • API String ID: 423443420-4155596026
                                                                        • Opcode ID: dae07537430594fac7219fbbffe6d229305b5dbb01ede552acd4727e1e41d7d9
                                                                        • Instruction ID: 23af842c03e8c5830eeea6cdf59829ea097ba2a58d5c38de74b6df0bf62aaab1
                                                                        • Opcode Fuzzy Hash: dae07537430594fac7219fbbffe6d229305b5dbb01ede552acd4727e1e41d7d9
                                                                        • Instruction Fuzzy Hash: 782109B4E28314ABDB109FA5EC55E9D7FB4FB48B50F48001EE501A67A0D7F14640EF90

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0089316A,?,?), ref: 008931D8
                                                                        • KillTimer.USER32(?,00000001,?,?,?,?,?,0089316A,?,?), ref: 00893204
                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00893227
                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0089316A,?,?), ref: 00893232
                                                                        • CreatePopupMenu.USER32 ref: 00893246
                                                                        • PostQuitMessage.USER32(00000000), ref: 00893267
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                        • String ID: TaskbarCreated
                                                                        • API String ID: 129472671-2362178303
                                                                        • Opcode ID: 61b87c56e0e635650a54004509612090e2ce7e6c4d906763738a66ec7a450078
                                                                        • Instruction ID: 3a6925981b7f8a7f14ad14ecfbbb06f0ac2e985d85b9d33a8cd68b61d3fd401c
                                                                        • Opcode Fuzzy Hash: 61b87c56e0e635650a54004509612090e2ce7e6c4d906763738a66ec7a450078
                                                                        • Instruction Fuzzy Hash: 1F41F731258208A7DF253BB89D0DB7D375AFB05345F0C012AF512D67B1CBA19A41A7A2

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00891459
                                                                        • OleUninitialize.OLE32(?,00000000), ref: 008914F8
                                                                        • UnregisterHotKey.USER32(?), ref: 008916DD
                                                                        • DestroyWindow.USER32(?), ref: 008D24B9
                                                                        • FreeLibrary.KERNEL32(?), ref: 008D251E
                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 008D254B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                        • String ID: close all
                                                                        • API String ID: 469580280-3243417748
                                                                        • Opcode ID: 81f3607f4f3eb1cb6adf5b209c5c8c33dae6a61bcf968fa5b7a6c0964f52c70c
                                                                        • Instruction ID: 35e1daf44358ee6d9c0f71aa001b4afc0787b7cc3c33fa547ccbf9e19d044cb7
                                                                        • Opcode Fuzzy Hash: 81f3607f4f3eb1cb6adf5b209c5c8c33dae6a61bcf968fa5b7a6c0964f52c70c
                                                                        • Instruction Fuzzy Hash: CED17A306052128FDF29EF58D899A28F7A4FF15710F1942AEE54AEB352CB30AC12CF51

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 648 892c63-892cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                        APIs
                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00892C91
                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00892CB2
                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00891CAD,?), ref: 00892CC6
                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00891CAD,?), ref: 00892CCF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CreateShow
                                                                        • String ID: AutoIt v3$edit
                                                                        • API String ID: 1584632944-3779509399
                                                                        • Opcode ID: 5d688989f4328e9c6191431fe38cd3234dda0d94da89d1664a35ca2731dd0e44
                                                                        • Instruction ID: 16086661ea0bb5467170e13aa6e4ded9668d2ab2685a79c4ed768fc568a9c398
                                                                        • Opcode Fuzzy Hash: 5d688989f4328e9c6191431fe38cd3234dda0d94da89d1664a35ca2731dd0e44
                                                                        • Instruction Fuzzy Hash: F2F0FEB55643907AEB711717AC08E7B3EBDD7CAF50F04005EF901A36A0C6B11851FAB1

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 0091AEA3
                                                                          • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                        • GetProcessId.KERNEL32(00000000), ref: 0091AF38
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0091AF67
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                        • String ID: <$@
                                                                        • API String ID: 146682121-1426351568

                                                                        Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                        APIs
                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B40
                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B61
                                                                        • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B83
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CloseOpenQueryValue
                                                                        • String ID: Control Panel\Mouse
                                                                        • API String ID: 3677997916-824357125
                                                                        APIs
                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008D33A2
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00893A04
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                                        • String ID: Line:
                                                                        • API String ID: 2289894680-1585850449
                                                                        APIs
                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
                                                                          • Part of subcall function 008B32A4: RaiseException.KERNEL32(?,?,?,008B068A,?,00961444,?,?,?,?,?,?,008B068A,00891129,00958738,00891129), ref: 008B3304
                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                        • String ID: Unknown exception
                                                                        • API String ID: 3476068407-410509341
                                                                        APIs
                                                                          • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00891BF4
                                                                          • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00891BFC
                                                                          • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00891C07
                                                                          • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00891C12
                                                                          • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00891C1A
                                                                          • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00891C22
                                                                          • Part of subcall function 00891B4A: RegisterWindowMessageW.USER32(00000004,?,008912C4), ref: 00891BA2
                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0089136A
                                                                        • OleInitialize.OLE32 ref: 00891388
                                                                        • CloseHandle.KERNEL32(00000000,00000000), ref: 008D24AB
                                                                        Similarity
                                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                        • String ID:
                                                                        • API String ID: 1986988660-0
                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,008C85CC,?,00958CC8,0000000C), ref: 008C8704
                                                                        • GetLastError.KERNEL32(?,008C85CC,?,00958CC8,0000000C), ref: 008C870E
                                                                        • __dosmaperr.LIBCMT ref: 008C8739
                                                                        Similarity
                                                                        • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                        • String ID:
                                                                        • API String ID: 490808831-0
                                                                        APIs
                                                                        • __Init_thread_footer.LIBCMT ref: 008A17F6
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Init_thread_footer
                                                                        • String ID: CALL
                                                                        • API String ID: 1385522511-4196123274
                                                                        APIs
                                                                        • GetOpenFileNameW.COMDLG32(?), ref: 008D2C8C
                                                                          • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                          • Part of subcall function 00892DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00892DC4
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Name$Path$FileFullLongOpen
                                                                        • String ID: X
                                                                        • API String ID: 779396738-3081909835
                                                                        APIs
                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
                                                                        Similarity
                                                                        • API ID: IconNotifyShell_
                                                                        • String ID:
                                                                        • API String ID: 1144537725-0
                                                                        APIs
                                                                          • Part of subcall function 00894E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E9C
                                                                          • Part of subcall function 00894E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00894EAE
                                                                          • Part of subcall function 00894E90: FreeLibrary.KERNEL32(00000000,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EC0
                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EFD
                                                                          • Part of subcall function 00894E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E62
                                                                          • Part of subcall function 00894E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00894E74
                                                                          • Part of subcall function 00894E59: FreeLibrary.KERNEL32(00000000,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E87
                                                                        Similarity
                                                                        • API ID: Library$Load$AddressFreeProc
                                                                        • String ID:
                                                                        • API String ID: 2632591731-0
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: __wsopen_s
                                                                        • String ID:
                                                                        • API String ID: 3347428461-0
                                                                        APIs
                                                                          • Part of subcall function 008C4C7D: RtlAllocateHeap.NTDLL(00000008,00891129,00000000,?,008C2E29,00000001,00000364,?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?), ref: 008C4CBE
                                                                        • _free.LIBCMT ref: 008C506C
                                                                        Similarity
                                                                        • API ID: AllocateHeap_free
                                                                        • String ID:
                                                                        • API String ID: 614378929-0
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00000008,00891129,00000000,?,008C2E29,00000001,00000364,?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?), ref: 008C4CBE
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        APIs
                                                                        • FreeLibrary.KERNEL32(?,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894F6D
                                                                        Similarity
                                                                        • API ID: FreeLibrary
                                                                        • String ID:
                                                                        • API String ID: 3664257935-0
                                                                        APIs
                                                                        • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
                                                                        Similarity
                                                                        • API ID: IconNotifyShell_
                                                                        • String ID:
                                                                        • API String ID: 1144537725-0
                                                                        APIs
                                                                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00892DC4
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        Similarity
                                                                        • API ID: LongNamePath_wcslen
                                                                        • String ID:
                                                                        • API String ID: 541455249-0
                                                                        APIs
                                                                          • Part of subcall function 00893837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
                                                                          • Part of subcall function 0089D730: GetInputState.USER32 ref: 0089D807
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
                                                                          • Part of subcall function 008930F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
                                                                        Similarity
                                                                        • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                        • String ID:
                                                                        • API String ID: 3667716007-0
                                                                        APIs
                                                                        • CreateFileW.KERNEL32(00000000,00000000,?,008D0704,?,?,00000000,?,008D0704,00000000,0000000C), ref: 008D03B7
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        APIs
                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00891CBC
                                                                        Similarity
                                                                        • API ID: InfoParametersSystem
                                                                        • String ID:
                                                                        • API String ID: 3098949447-0
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0092961A
                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0092965B
                                                                        • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0092969F
                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009296C9
                                                                        • SendMessageW.USER32 ref: 009296F2
                                                                        • GetKeyState.USER32(00000011), ref: 0092978B
                                                                        • GetKeyState.USER32(00000009), ref: 00929798
                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009297AE
                                                                        • GetKeyState.USER32(00000010), ref: 009297B8
                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009297E9
                                                                        • SendMessageW.USER32 ref: 00929810
                                                                        • SendMessageW.USER32(?,00001030,?,00927E95), ref: 00929918
                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0092992E
                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00929941
                                                                        • SetCapture.USER32(?), ref: 0092994A
                                                                        • ClientToScreen.USER32(?,?), ref: 009299AF
                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009299BC
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009299D6
                                                                        • ReleaseCapture.USER32 ref: 009299E1
                                                                        • GetCursorPos.USER32(?), ref: 00929A19
                                                                        • ScreenToClient.USER32(?,?), ref: 00929A26
                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00929A80
                                                                        • SendMessageW.USER32 ref: 00929AAE
                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00929AEB
                                                                        • SendMessageW.USER32 ref: 00929B1A
                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00929B3B
                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00929B4A
                                                                        • GetCursorPos.USER32(?), ref: 00929B68
                                                                        • ScreenToClient.USER32(?,?), ref: 00929B75
                                                                        • GetParent.USER32(?), ref: 00929B93
                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00929BFA
                                                                        • SendMessageW.USER32 ref: 00929C2B
                                                                        • ClientToScreen.USER32(?,?), ref: 00929C84
                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00929CB4
                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00929CDE
                                                                        • SendMessageW.USER32 ref: 00929D01
                                                                        • ClientToScreen.USER32(?,?), ref: 00929D4E
                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00929D82
                                                                          • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00929E05
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                        • String ID: @GUI_DRAGID$F
                                                                        • API String ID: 3429851547-4164748364
                                                                        • Opcode ID: 433778318564e539dd0b2b913c6c8d4395f7a85240f76fc14a06d5c860623896
                                                                        • Instruction ID: 4813a71111500988038904f46280012160892ce3022712ce4ccc4c092347e004
                                                                        • Opcode Fuzzy Hash: 433778318564e539dd0b2b913c6c8d4395f7a85240f76fc14a06d5c860623896
                                                                        • Instruction Fuzzy Hash: E242DD70208211AFDB24CF28EC44EAABBE9FF49314F140A1DF699872A4D731E851DF52
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009248F3
                                                                        • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00924908
                                                                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00924927
                                                                        • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0092494B
                                                                        • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0092495C
                                                                        • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0092497B
                                                                        • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009249AE
                                                                        • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009249D4
                                                                        • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00924A0F
                                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00924A56
                                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00924A7E
                                                                        • IsMenu.USER32(?), ref: 00924A97
                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00924AF2
                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00924B20
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00924B94
                                                                        • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00924BE3
                                                                        • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00924C82
                                                                        • wsprintfW.USER32 ref: 00924CAE
                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00924CC9
                                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00924CF1
                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00924D13
                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00924D33
                                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00924D5A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                        • String ID: %d/%02d/%02d
                                                                        • API String ID: 4054740463-328681919
                                                                        • Opcode ID: 645fb5711935c2848035cc5d7b4b0f56796dd68433f5f07534500fc2f5fdcadf
                                                                        • Instruction ID: 00e3a2984b55572b9fe2dc53d9598838d605c742406f20c8362de4444b75b01f
                                                                        • Opcode Fuzzy Hash: 645fb5711935c2848035cc5d7b4b0f56796dd68433f5f07534500fc2f5fdcadf
                                                                        • Instruction Fuzzy Hash: 9212F171600225ABEB248F28EC49FAE7BF8FF85710F104529F516EB2E5DB789941CB50
                                                                        APIs
                                                                        • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 008AF998
                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008EF474
                                                                        • IsIconic.USER32(00000000), ref: 008EF47D
                                                                        • ShowWindow.USER32(00000000,00000009), ref: 008EF48A
                                                                        • SetForegroundWindow.USER32(00000000), ref: 008EF494
                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008EF4AA
                                                                        • GetCurrentThreadId.KERNEL32 ref: 008EF4B1
                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008EF4BD
                                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 008EF4CE
                                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 008EF4D6
                                                                        • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 008EF4DE
                                                                        • SetForegroundWindow.USER32(00000000), ref: 008EF4E1
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF4F6
                                                                        • keybd_event.USER32(00000012,00000000), ref: 008EF501
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF50B
                                                                        • keybd_event.USER32(00000012,00000000), ref: 008EF510
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF519
                                                                        • keybd_event.USER32(00000012,00000000), ref: 008EF51E
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF528
                                                                        • keybd_event.USER32(00000012,00000000), ref: 008EF52D
                                                                        • SetForegroundWindow.USER32(00000000), ref: 008EF530
                                                                        • AttachThreadInput.USER32(?,000000FF,00000000), ref: 008EF557
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                        • String ID: Shell_TrayWnd
                                                                        • API String ID: 4125248594-2988720461
                                                                        • Opcode ID: 939ede3ac10b7bf312df9464f4d0b76f07cc67f2253a0124c9b089faefe00293
                                                                        • Instruction ID: 0d55460cdbaedcab1cb441cb2fbc0c6ad2cb1090a77230e2aa4850ff5a608461
                                                                        • Opcode Fuzzy Hash: 939ede3ac10b7bf312df9464f4d0b76f07cc67f2253a0124c9b089faefe00293
                                                                        • Instruction Fuzzy Hash: D53130B1A54218BAEB316BB65C4AFBF7E6CFB45B50F100065FA01E61D1C6B19901BBA0
                                                                        APIs
                                                                          • Part of subcall function 008F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
                                                                          • Part of subcall function 008F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
                                                                          • Part of subcall function 008F16C3: GetLastError.KERNEL32 ref: 008F174A
                                                                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 008F1286
                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008F12A8
                                                                        • CloseHandle.KERNEL32(?), ref: 008F12B9
                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008F12D1
                                                                        • GetProcessWindowStation.USER32 ref: 008F12EA
                                                                        • SetProcessWindowStation.USER32(00000000), ref: 008F12F4
                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 008F1310
                                                                          • Part of subcall function 008F10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008F11FC), ref: 008F10D4
                                                                          • Part of subcall function 008F10BF: CloseHandle.KERNEL32(?,?,008F11FC), ref: 008F10E9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                        • String ID: $default$winsta0
                                                                        • API String ID: 22674027-1027155976
                                                                        • Opcode ID: ccf5ed1f73eb5e8c8cb3e45887d80c5727b31165a42e49e746942bec186b0ea3
                                                                        • Instruction ID: a6ae81dcb3d6b9ae1f8e9f51531b02ecb589c112b293cdad1d7f72fd99b0343c
                                                                        • Opcode Fuzzy Hash: ccf5ed1f73eb5e8c8cb3e45887d80c5727b31165a42e49e746942bec186b0ea3
                                                                        • Instruction Fuzzy Hash: 608188B1900209EBDF249FA8CC89BFE7BBAFF44704F144129FA11E62A1D7308955DB65
                                                                        APIs
                                                                          • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                          • Part of subcall function 008F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                          • Part of subcall function 008F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                          • Part of subcall function 008F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                          • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008F0BCC
                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008F0C00
                                                                        • GetLengthSid.ADVAPI32(?), ref: 008F0C17
                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 008F0C51
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008F0C6D
                                                                        • GetLengthSid.ADVAPI32(?), ref: 008F0C84
                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008F0C8C
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 008F0C93
                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008F0CB4
                                                                        • CopySid.ADVAPI32(00000000), ref: 008F0CBB
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008F0CEA
                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008F0D0C
                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008F0D1E
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D45
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0D4C
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D55
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0D5C
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D65
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0D6C
                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 008F0D78
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0D7F
                                                                          • Part of subcall function 008F1193: GetProcessHeap.KERNEL32(00000008,008F0BB1,?,00000000,?,008F0BB1,?), ref: 008F11A1
                                                                          • Part of subcall function 008F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008F0BB1,?), ref: 008F11A8
                                                                          • Part of subcall function 008F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008F0BB1,?), ref: 008F11B7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                        • String ID:
                                                                        • API String ID: 4175595110-0
                                                                        • Opcode ID: 3273f70116be7978fe8e1d29911112cc4e5e17182c002ec48db7ae0513357611
                                                                        • Instruction ID: 8ead7a390e6ac9483ddd1f21660ab863d80b75e5e3f9e38af61572c3d40a6a70
                                                                        • Opcode Fuzzy Hash: 3273f70116be7978fe8e1d29911112cc4e5e17182c002ec48db7ae0513357611
                                                                        • Instruction Fuzzy Hash: 52714BB190420EAFDF209FA4DC45BBEBBB9FF04300F144615EA14E6192D775A906DFA0
                                                                        APIs
                                                                        • OpenClipboard.USER32(0092CC08), ref: 0090EB29
                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0090EB37
                                                                        • GetClipboardData.USER32(0000000D), ref: 0090EB43
                                                                        • CloseClipboard.USER32 ref: 0090EB4F
                                                                        • GlobalLock.KERNEL32(00000000), ref: 0090EB87
                                                                        • CloseClipboard.USER32 ref: 0090EB91
                                                                        • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0090EBBC
                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0090EBC9
                                                                        • GetClipboardData.USER32(00000001), ref: 0090EBD1
                                                                        • GlobalLock.KERNEL32(00000000), ref: 0090EBE2
                                                                        • GlobalUnlock.KERNEL32(00000000,?), ref: 0090EC22
                                                                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 0090EC38
                                                                        • GetClipboardData.USER32(0000000F), ref: 0090EC44
                                                                        • GlobalLock.KERNEL32(00000000), ref: 0090EC55
                                                                        • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0090EC77
                                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0090EC94
                                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0090ECD2
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0090ECF3
                                                                        • CountClipboardFormats.USER32 ref: 0090ED14
                                                                        • CloseClipboard.USER32 ref: 0090ED59
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                        • String ID:
                                                                        • API String ID: 420908878-0
                                                                        • Opcode ID: 9048e19f288e93fbede0535f15b1d7e222f90ee9707be114ed568965599dc440
                                                                        • Instruction ID: 06468242b05d62336b0aa1172c376154ce933b29569b021ea41e497768a597d3
                                                                        • Opcode Fuzzy Hash: 9048e19f288e93fbede0535f15b1d7e222f90ee9707be114ed568965599dc440
                                                                        • Instruction Fuzzy Hash: 4861AE752082029FD710EF28D895F2A77A8FF84704F18491DF496D72E1DB31E946DBA2
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 009069BE
                                                                        • FindClose.KERNEL32(00000000), ref: 00906A12
                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A4E
                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A75
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00906AB2
                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00906ADF
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                        • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                        • API String ID: 3830820486-3289030164
                                                                        • Opcode ID: f68005460cc8593ca36fa0ff27de0bbd726fc8dd93c986ee4c54b0cbaab05c78
                                                                        • Instruction ID: 2783f8369899f9ff4257ff579e11e2332935a968bf793d62b2a3b93f0dd45f70
                                                                        • Opcode Fuzzy Hash: f68005460cc8593ca36fa0ff27de0bbd726fc8dd93c986ee4c54b0cbaab05c78
                                                                        • Instruction Fuzzy Hash: 3BD13DB2508300AEC714EBA8C881EABB7ECFF98704F44491DF595D6191EB74DA44CB63
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00909663
                                                                        • GetFileAttributesW.KERNEL32(?), ref: 009096A1
                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 009096BB
                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 009096D3
                                                                        • FindClose.KERNEL32(00000000), ref: 009096DE
                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 009096FA
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0090974A
                                                                        • SetCurrentDirectoryW.KERNEL32(00956B7C), ref: 00909768
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00909772
                                                                        • FindClose.KERNEL32(00000000), ref: 0090977F
                                                                        • FindClose.KERNEL32(00000000), ref: 0090978F
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                        • String ID: *.*
                                                                        • API String ID: 1409584000-438819550
                                                                        • Opcode ID: 2edc2916c54b7509977beb095adc86823311e9667b36fb9e1a85f310be22fdd2
                                                                        • Instruction ID: d800dfdb194ec595b4273aec75985798057a7268eac5e734f9a91fcad8cf6507
                                                                        • Opcode Fuzzy Hash: 2edc2916c54b7509977beb095adc86823311e9667b36fb9e1a85f310be22fdd2
                                                                        • Instruction Fuzzy Hash: F1310272545219AECF20EFB4EC09ADE77ACAF49321F104155F814E31E1DB31DE458B50
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 009097BE
                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00909819
                                                                        • FindClose.KERNEL32(00000000), ref: 00909824
                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00909840
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00909890
                                                                        • SetCurrentDirectoryW.KERNEL32(00956B7C), ref: 009098AE
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 009098B8
                                                                        • FindClose.KERNEL32(00000000), ref: 009098C5
                                                                        • FindClose.KERNEL32(00000000), ref: 009098D5
                                                                          • Part of subcall function 008FDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008FDB00
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                        • String ID: *.*
                                                                        • API String ID: 2640511053-438819550
                                                                        • Opcode ID: 37877ce5bf4c25a522678b5bff5c284880b860615f8654589812e0508696652d
                                                                        • Instruction ID: 694e555a289080af42f0f75ce0f9eae0a45f05e4d7056f327ab9fca92be8527d
                                                                        • Opcode Fuzzy Hash: 37877ce5bf4c25a522678b5bff5c284880b860615f8654589812e0508696652d
                                                                        • Instruction Fuzzy Hash: C931E3725456196EDB20EFB4EC48ADE37ACEF46324F108555ED10E32E1DB30D9458B60
                                                                        APIs
                                                                          • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BF3E
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0091BFA9
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0091BFCD
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0091C02C
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0091C0E7
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0091C154
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0091C1E9
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0091C23A
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0091C2E3
                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0091C382
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0091C38F
                                                                        Similarity
                                                                        • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                        • String ID:
                                                                        • API String ID: 3102970594-0
                                                                        • Opcode ID: 9965ba5ae886067ba888ae924fd045a568a7e5b4a27c354a515dc490c880b840
                                                                        • Instruction ID: cea561848e50c5a9d3ab647140651f3717ecfc39acde30aeb516a1bc0b83d90b
                                                                        • Opcode Fuzzy Hash: 9965ba5ae886067ba888ae924fd045a568a7e5b4a27c354a515dc490c880b840
                                                                        • Instruction Fuzzy Hash: B6025FB1604204AFDB14DF28C895E6ABBE5FF49304F18849DF45ADB2A2D731EC46CB52
                                                                        APIs
                                                                        • GetLocalTime.KERNEL32(?), ref: 00908257
                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00908267
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00908273
                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00908310
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00908324
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00908356
                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0090838C
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00908395
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CurrentDirectoryTime$File$Local$System
                                                                        • String ID: *.*
                                                                        • API String ID: 1464919966-438819550
                                                                        • Opcode ID: bc6b4f4bd3af58b7ea244a4917b571c72db00fda5b2227851e796425755a58be
                                                                        • Instruction ID: 1e214574887cd71730b12df77809c153f53b7a27b8056a6057b8c48a23559cbf
                                                                        • Opcode Fuzzy Hash: bc6b4f4bd3af58b7ea244a4917b571c72db00fda5b2227851e796425755a58be
                                                                        • Instruction Fuzzy Hash: ED614AB26087059FCB10EF68D8409AFB3E8FF89314F044929F999D7251EB35E945CB92
                                                                        APIs
                                                                          • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                          • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008FD122
                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 008FD1DD
                                                                        • MoveFileW.KERNEL32(?,?), ref: 008FD1F0
                                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 008FD20D
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 008FD237
                                                                          • Part of subcall function 008FD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,008FD21C,?,?), ref: 008FD2B2
                                                                        • FindClose.KERNEL32(00000000,?,?,?), ref: 008FD253
                                                                        • FindClose.KERNEL32(00000000), ref: 008FD264
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                        • String ID: \*.*
                                                                        • API String ID: 1946585618-1173974218
                                                                        • Opcode ID: cc266ce45e32795b74c46572081266bed63b283d3acf38afe75e7e752ed8618f
                                                                        • Instruction ID: a8feb917be64c69676694ace2046f49cb61d543fc505f8fc6f0e81d8c613e4cf
                                                                        • Opcode Fuzzy Hash: cc266ce45e32795b74c46572081266bed63b283d3acf38afe75e7e752ed8618f
                                                                        • Instruction Fuzzy Hash: 45615B3180520D9ACF15EBA8C9929FDB7B6FF15300F244169E611B7191EB30AF09DBA2
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                        • String ID:
                                                                        • API String ID: 1737998785-0
                                                                        • Opcode ID: c7f370511ca35619562d8186c829ab20022e9c5b620b53a21289ff0ec192a333
                                                                        • Instruction ID: b147001cbcaba10bdcde89d8cff23e3297f0c30a0bbd9714f7b2f97fad4e74d2
                                                                        • Opcode Fuzzy Hash: c7f370511ca35619562d8186c829ab20022e9c5b620b53a21289ff0ec192a333
                                                                        • Instruction Fuzzy Hash: 8D419D75208611AFD720DF15E888F19BBE5FF44318F18C499E41A8B6A2C775EC42CB90
                                                                        APIs
                                                                          • Part of subcall function 008F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
                                                                          • Part of subcall function 008F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
                                                                          • Part of subcall function 008F16C3: GetLastError.KERNEL32 ref: 008F174A
                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 008FE932
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                        • String ID: $ $@$SeShutdownPrivilege
                                                                        • API String ID: 2234035333-3163812486
                                                                        APIs
                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00911276
                                                                        • WSAGetLastError.WSOCK32 ref: 00911283
                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 009112BA
                                                                        • WSAGetLastError.WSOCK32 ref: 009112C5
                                                                        • closesocket.WSOCK32(00000000), ref: 009112F4
                                                                        • listen.WSOCK32(00000000,00000005), ref: 00911303
                                                                        • WSAGetLastError.WSOCK32 ref: 0091130D
                                                                        • closesocket.WSOCK32(00000000), ref: 0091133C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: ErrorLast$closesocket$bindlistensocket
                                                                        • String ID:
                                                                        • API String ID: 540024437-0
                                                                        APIs
                                                                          • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                          • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008FD420
                                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 008FD470
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 008FD481
                                                                        • FindClose.KERNEL32(00000000), ref: 008FD498
                                                                        • FindClose.KERNEL32(00000000), ref: 008FD4A1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                        • String ID: \*.*
                                                                        • API String ID: 2649000838-1173974218
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: __floor_pentium4
                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                        • API String ID: 4168288129-2761157908
                                                                        APIs
                                                                        • _wcslen.LIBCMT ref: 009064DC
                                                                        • CoInitialize.OLE32(00000000), ref: 00906639
                                                                        • CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 00906650
                                                                        • CoUninitialize.OLE32 ref: 009068D4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                        • String ID: .lnk
                                                                        • API String ID: 886957087-24824748
                                                                        APIs
                                                                        • GetForegroundWindow.USER32(?,?,00000000), ref: 009122E8
                                                                          • Part of subcall function 0090E4EC: GetWindowRect.USER32(?,?), ref: 0090E504
                                                                        • GetDesktopWindow.USER32 ref: 00912312
                                                                        • GetWindowRect.USER32(00000000), ref: 00912319
                                                                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00912355
                                                                        • GetCursorPos.USER32(?), ref: 00912381
                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009123DF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                        • String ID:
                                                                        • API String ID: 2387181109-0
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00909B78
                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00909C8B
                                                                          • Part of subcall function 00903874: GetInputState.USER32 ref: 009038CB
                                                                          • Part of subcall function 00903874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966
                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00909BA8
                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00909C75
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                        • String ID: *.*
                                                                        • API String ID: 1972594611-438819550
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 008A9A4E
                                                                        • GetSysColor.USER32(0000000F), ref: 008A9B23
                                                                        • SetBkColor.GDI32(?,00000000), ref: 008A9B36
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Color$LongProcWindow
                                                                        • String ID:
                                                                        • API String ID: 3131106179-0
                                                                        APIs
                                                                          • Part of subcall function 0091304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
                                                                          • Part of subcall function 0091304E: _wcslen.LIBCMT ref: 0091309B
                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0091185D
                                                                        • WSAGetLastError.WSOCK32 ref: 00911884
                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 009118DB
                                                                        • WSAGetLastError.WSOCK32 ref: 009118E6
                                                                        • closesocket.WSOCK32(00000000), ref: 00911915
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                        • String ID:
                                                                        • API String ID: 1601658205-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                        • String ID:
                                                                        • API String ID: 292994002-0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                        • API String ID: 0-1546025612
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 008FAAAC
                                                                        • SetKeyboardState.USER32(00000080), ref: 008FAAC8
                                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 008FAB36
                                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 008FAB88
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                        • String ID:
                                                                        • API String ID: 432972143-0
                                                                        APIs
                                                                        • _free.LIBCMT ref: 008CBB7F
                                                                          • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                          • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                        • GetTimeZoneInformation.KERNEL32 ref: 008CBB91
                                                                        • WideCharToMultiByte.KERNEL32(00000000,?,0096121C,000000FF,?,0000003F,?,?), ref: 008CBC09
                                                                        • WideCharToMultiByte.KERNEL32(00000000,?,00961270,000000FF,?,0000003F,?,?,?,0096121C,000000FF,?,0000003F,?,?), ref: 008CBC36
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                        • String ID:
                                                                        • API String ID: 806657224-0
                                                                        APIs
                                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 0090CE89
                                                                        • GetLastError.KERNEL32(?,00000000), ref: 0090CEEA
                                                                        • SetEvent.KERNEL32(?,?,00000000), ref: 0090CEFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: ErrorEventFileInternetLastRead
                                                                        • String ID:
                                                                        • API String ID: 234945975-0
                                                                        APIs
                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008F82AA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: lstrlen
                                                                        • String ID: ($|
                                                                        • API String ID: 1659193697-1631851259
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00905CC1
                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00905D17
                                                                        • FindClose.KERNEL32(?), ref: 00905D5F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Find$File$CloseFirstNext
                                                                        • String ID:
                                                                        • API String ID: 3541575487-0
                                                                        APIs
                                                                        • IsDebuggerPresent.KERNEL32 ref: 008C271A
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008C2724
                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 008C2731
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                        • String ID:
                                                                        • API String ID: 3906539128-0
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 009051DA
                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00905238
                                                                        • SetErrorMode.KERNEL32(00000000), ref: 009052A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                        • String ID:
                                                                        • API String ID: 1682464887-0
                                                                        APIs
                                                                          • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
                                                                          • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
                                                                        • GetLastError.KERNEL32 ref: 008F174A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                        • String ID:
                                                                        • API String ID: 577356006-0
                                                                        APIs
                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008FD608
                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 008FD645
                                                                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008FD650
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                        • String ID:
                                                                        • API String ID: 33631002-0
                                                                        APIs
                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008F168C
                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008F16A1
                                                                        • FreeSid.ADVAPI32(?), ref: 008F16B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                        • String ID:
                                                                        • API String ID: 3429775523-0
                                                                        APIs
                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 008ED28C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        Similarity
                                                                        • API ID: NameUser
                                                                        • String ID: X64
                                                                        • API String ID: 2645101109-893830106
                                                                        • Opcode ID: 81dc27d0ea430a67abc2b4e79761d8c45c0193899caadc9d788e710f7a802265
                                                                        • Instruction ID: f1bc18c6a3619718e1176d6ccd1abae70be427624eee6f39b1df23953b87fc4b
                                                                        • Opcode Fuzzy Hash: 81dc27d0ea430a67abc2b4e79761d8c45c0193899caadc9d788e710f7a802265
                                                                        • Instruction Fuzzy Hash: 94D0C9B581521DEACF90CB90DC88DDDB37CFB05309F100151F106E2000D73095499F10
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                        • Instruction ID: 8e7a043f67056e8580028e0abeb7d3b4227755c0e6337818f5cd5acd793377cc
                                                                        • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                        • Instruction Fuzzy Hash: 7C021D71E001199BDF14CFA9C8906EEFBF1FF58314F25416AD819EB384D731A9458B94
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00906918
                                                                        • FindClose.KERNEL32(00000000), ref: 00906961
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Find$CloseFileFirst
                                                                        • String ID:
                                                                        • API String ID: 2295610775-0
                                                                        • Opcode ID: fab78604e89499754a705fb1dbea7a9210a7ac14520668ae40bf46de83323823
                                                                        • Instruction ID: 543ab83f36eec38df2c3e138049afa2829be0d19d2061739043b1994ca31828a
                                                                        • Opcode Fuzzy Hash: fab78604e89499754a705fb1dbea7a9210a7ac14520668ae40bf46de83323823
                                                                        • Instruction Fuzzy Hash: F11190726142019FC710DF29D484A1ABBE5FF85328F18C699F4798F6A2CB30EC05CB91
                                                                        APIs
                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00914891,?,?,00000035,?), ref: 009037E4
                                                                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00914891,?,?,00000035,?), ref: 009037F4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorFormatLastMessage
                                                                        • String ID:
                                                                        • API String ID: 3479602957-0
                                                                        • Opcode ID: 864a6b349a47e1604d9df0ca2440200c306950168e32c8ec6aaf0e073d94b541
                                                                        • Instruction ID: 9a4ca5b40512ce186ccdf3a638cb1947046ee263d1e01651cd1c01efea3b489f
                                                                        • Opcode Fuzzy Hash: 864a6b349a47e1604d9df0ca2440200c306950168e32c8ec6aaf0e073d94b541
                                                                        • Instruction Fuzzy Hash: 65F0ECB06042156AEB2057698C4DFDB375DEFC4761F000265F505D22C1D9609904C6F1
                                                                        APIs
                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 008FB25D
                                                                        • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 008FB270
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InputSendkeybd_event
                                                                        • String ID:
                                                                        • API String ID: 3536248340-0
                                                                        • Opcode ID: d6a1ccb776ffb7bd3115e4926e0f11f6600e112bae9ea1e54b98b909c6b4646e
                                                                        • Instruction ID: 5138dbab3c3a328a21f68cc031c8c7a888a549a78203a5cf2704876abe1119fe
                                                                        • Opcode Fuzzy Hash: d6a1ccb776ffb7bd3115e4926e0f11f6600e112bae9ea1e54b98b909c6b4646e
                                                                        • Instruction Fuzzy Hash: 50F01D7181424DABDF159FA0C805BBE7BB4FF04309F108009F955A6191D379D6119F94
                                                                        APIs
                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008F11FC), ref: 008F10D4
                                                                        • CloseHandle.KERNEL32(?,?,008F11FC), ref: 008F10E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                        • String ID:
                                                                        • API String ID: 81990902-0
                                                                        • Opcode ID: 1f1a47d5387ce4f7811693d7bfa5c485b49293ae6d9509dd8dee1ced59ea4a47
                                                                        • Instruction ID: cd9fc78de35963fe1fa90f7c91b1a7081fd1a9ef48da967d48937591b97473e4
                                                                        • Opcode Fuzzy Hash: 1f1a47d5387ce4f7811693d7bfa5c485b49293ae6d9509dd8dee1ced59ea4a47
                                                                        • Instruction Fuzzy Hash: 54E04F72018600EEFB352B65FC09E7777E9FB04320B20882DF6A5C04B1DB626CA1EB54
                                                                        Strings
                                                                        • Variable is not of type 'Object'., xrefs: 008E0C40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Variable is not of type 'Object'.
                                                                        • API String ID: 0-1840281001
                                                                        • Opcode ID: 186f9b44ed5c3ecfcefe98c6f385916463b67cfe21c82f781b0687ad11160784
                                                                        • Instruction ID: 33a3508804177a6c6c691a5a4871062159bce6c7a6903618e073e2af9c69a583
                                                                        • Opcode Fuzzy Hash: 186f9b44ed5c3ecfcefe98c6f385916463b67cfe21c82f781b0687ad11160784
                                                                        • Instruction Fuzzy Hash: 4932AF70900218DBDF14EF94C884AEDB7B5FF05308F284469E806EB282DBB6AD45CF61
                                                                        APIs
                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008C6766,?,?,00000008,?,?,008CFEFE,00000000), ref: 008C6998
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionRaise
                                                                        • String ID:
                                                                        • API String ID: 3997070919-0
                                                                        • Opcode ID: ab1074be47311f34f96de73b8e98b033f2ebbeccf47b90006461de312ee77244
                                                                        • Instruction ID: 3ebf78dd3ce3ceaae0b3e6bc00695da5c9bf64f1c53ce18cab245bbf387b50b3
                                                                        • Opcode Fuzzy Hash: ab1074be47311f34f96de73b8e98b033f2ebbeccf47b90006461de312ee77244
                                                                        • Instruction Fuzzy Hash: C0B139316106099FD715CF28C486F657BB0FF45368F29866CE89ACF2A2D335E9A5CB40
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: 90faa77beb16d537957ff3b2c6d6ec804cce5aae33e6a766efdd37142330007d
                                                                        • Instruction ID: 3796aedafd440bc82f86346223dd0c0d304e35e8c267220519dcb2b37a84de7c
                                                                        • Opcode Fuzzy Hash: 90faa77beb16d537957ff3b2c6d6ec804cce5aae33e6a766efdd37142330007d
                                                                        • Instruction Fuzzy Hash: A6124F71900229DFDB24CF59C8806AEB7F5FF49710F14819AE849EB256EB349E81CF94
                                                                        APIs
                                                                        • BlockInput.USER32(00000001), ref: 0090EABD
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: BlockInput
                                                                        • String ID:
                                                                        • API String ID: 3456056419-0
                                                                        • Opcode ID: 99a28d8ca4835f42951cad1c92e13973b2eb082c06982d4c77f12483677a5896
                                                                        • Instruction ID: 94a5900aacd18900c96d8b49605da666cc9443bccb11b0bed56fcbaf1c4a1e67
                                                                        • Opcode Fuzzy Hash: 99a28d8ca4835f42951cad1c92e13973b2eb082c06982d4c77f12483677a5896
                                                                        • Instruction Fuzzy Hash: 32E01A362102049FC710EF59E804E9AB7E9FF98760F048816FC49C72A1DAB0A8418BA1
                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008B03EE), ref: 008B09DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 9e65ebebed2c086320c7da9a7b34bf468fafceea00670548a216a338834796f2
                                                                        • Instruction ID: 012cbcde61fd796d938ca59ca2388a08b1776bc3aecc37c4f8d2048ced31be03
                                                                        • Opcode Fuzzy Hash: 9e65ebebed2c086320c7da9a7b34bf468fafceea00670548a216a338834796f2
                                                                        • Instruction Fuzzy Hash:
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0
                                                                        • API String ID: 0-4108050209
                                                                        • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                        • Instruction ID: 6d2279e781342056ee57ff26188913dddb2e7bdb7da84e4abbe3da2c5e0eec55
                                                                        • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                        • Instruction Fuzzy Hash: 4C519B7160C74A9BDB38453C885E7FE2B89FBD2344F180539D882D7782CA19EE01D35A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0a0e544ed109c3d42458b32f2cba763cc0f93d78713146b18242217323309a2b
                                                                        • Instruction ID: 8d560dcac462a700ae4688b08ac2230056c0cef57f0b33cf0e9b9f58c8961718
                                                                        • Opcode Fuzzy Hash: 0a0e544ed109c3d42458b32f2cba763cc0f93d78713146b18242217323309a2b
                                                                        • Instruction Fuzzy Hash: AE320F22D2DF014DD7239634D822336A659EFB73D5F15C32BE82AB5AA5EB39C4835900
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c9307d7b7cb8f6403a20fef37084d31ab747b8e44f87f713aaf7c542a1ee4503
                                                                        • Instruction ID: d32a5fdeeccd8ab0ef37509fc4a300decb05b76483749c6cd5c985d7e2bbad37
                                                                        • Opcode Fuzzy Hash: c9307d7b7cb8f6403a20fef37084d31ab747b8e44f87f713aaf7c542a1ee4503
                                                                        • Instruction Fuzzy Hash: 89321732E041998BDF28CF2BC49067D7BA1FB47324F28856AD95ACB691D230DD83DB41
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3ca05c1f171960420cb9dd622bc6dd38a7b6af5489179014cb37a5bdfdcfceb
                                                                        • Instruction ID: c491e26ebc7e5bd415a6b74a87320e60fdc13adf04f9fcea5d68da108b1f5524
                                                                        • Opcode Fuzzy Hash: a3ca05c1f171960420cb9dd622bc6dd38a7b6af5489179014cb37a5bdfdcfceb
                                                                        • Instruction Fuzzy Hash: AE22BEB0A04609DFDF14DFA9D881AAEB7F6FF44314F14462AE812E7391EB35A910CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83e1dc1a71c97819509a913498dd6889cb118a6ee3208349e95de10715e7b61c
                                                                        • Instruction ID: d484b55bb4d79ddd7781b6bb5ccbf6ac4248348740b70de72a7becdb179fd87d
                                                                        • Opcode Fuzzy Hash: 83e1dc1a71c97819509a913498dd6889cb118a6ee3208349e95de10715e7b61c
                                                                        • Instruction Fuzzy Hash: A202D7B0A10219EBDF05EF58D881AADB7B1FF44304F548169E456DF391EB31EA20CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4ff3edd6255d7b5bb019be3aa878be334fbd1931c3d21a8457645b9eac66f20a
                                                                        • Instruction ID: 8f25d54925586857b1c03654cc1119773e7d9d67fabe012132234a80fa2502d1
                                                                        • Opcode Fuzzy Hash: 4ff3edd6255d7b5bb019be3aa878be334fbd1931c3d21a8457645b9eac66f20a
                                                                        • Instruction Fuzzy Hash: 5EB10020E7AF454DC32396398831336B65CAFBB6D9F91D31BFC2674D22EB2286835540
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                        • Instruction ID: a58a3c8cbae874bd564fbba1771193ebed21fdcc09031891d44a14a1ce89c9bb
                                                                        • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                        • Instruction Fuzzy Hash: BF9156722080E349DF694639857C0BEFFE1EA523A139E079DD4F2CE2C5EE14D554D620
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                        • Instruction ID: 8fb18d6708ae5566dfe820ed83fedafa65d3c248a528fb986a6a076bec108fb2
                                                                        • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                        • Instruction Fuzzy Hash: 0F9165722094E349DB29423D84784BEFFE1EA923A135A079DD4F2CF3C5EE249555E720
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                        • Instruction ID: 63f1cfeffacc0a6747ac0c4b8d917134d2e75d1e2f763da6c61d38343762c689
                                                                        • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                        • Instruction Fuzzy Hash: 149154722090E34ADF69427A857C0BEFFE1EA923B139A079DD4F2CE2C5FE14D5549620
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f33daec84568925edb1c98a0d3c5cc7b5d11f8eb2e295e313eaaa693ef904380
                                                                        • Instruction ID: 7ae6cc7b58c6c28d904a2e26dd8197dd76d168f410db86e762759649db0ffa11
                                                                        • Opcode Fuzzy Hash: f33daec84568925edb1c98a0d3c5cc7b5d11f8eb2e295e313eaaa693ef904380
                                                                        • Instruction Fuzzy Hash: 07616671208719A6DE749A2C8CA5BFF2398FFC1764F20191EE942DB3D1DA119E42CB16
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f432f3f35a5d0c065ecc4a8fe356dfb5d5bb45531fafa5d93b6b9fe765f58ed5
                                                                        • Instruction ID: 48b617adbdd8b1505ab4ef645723e9ff8f4ee989caa062fe37450df4f647a370
                                                                        • Opcode Fuzzy Hash: f432f3f35a5d0c065ecc4a8fe356dfb5d5bb45531fafa5d93b6b9fe765f58ed5
                                                                        • Instruction Fuzzy Hash: 76617A7120C70996DE385A2C88A5BFF2398FFC2B84F180959E943DF795DA12ED42C356
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                        • Instruction ID: fcadcee6f49d448664cdaf79c6668415630b8200b5349d4cd2ff63dcaa3b0ec2
                                                                        • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                        • Instruction Fuzzy Hash: 138164326080E349DF694239857C4BEFFE1FA923A139A07ADD4F2CF2C5EE149554D620
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fdb53829feddf2bbe588af80457db1bb516890a62e7477a6170255167b296e31
                                                                        • Instruction ID: eb4c0d34cdde56328c94cd2e4a54748b477d94b11493ccef1fec1bd8aa2a9796
                                                                        • Opcode Fuzzy Hash: fdb53829feddf2bbe588af80457db1bb516890a62e7477a6170255167b296e31
                                                                        • Instruction Fuzzy Hash: 1421B7326206158FD728CF79C82767E73E9A754310F25862EE4A7C37D0DE75A904DB80
                                                                        APIs
                                                                        • DeleteObject.GDI32(00000000), ref: 00912B30
                                                                        • DeleteObject.GDI32(00000000), ref: 00912B43
                                                                        • DestroyWindow.USER32 ref: 00912B52
                                                                        • GetDesktopWindow.USER32 ref: 00912B6D
                                                                        • GetWindowRect.USER32(00000000), ref: 00912B74
                                                                        • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00912CA3
                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00912CB1
                                                                        • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912CF8
                                                                        • GetClientRect.USER32(00000000,?), ref: 00912D04
                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00912D40
                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D62
                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D75
                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D80
                                                                        • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D89
                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D98
                                                                        • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912DA1
                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912DA8
                                                                        • GlobalFree.KERNEL32(00000000), ref: 00912DB3
                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912DC5
                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0092FC38,00000000), ref: 00912DDB
                                                                        • GlobalFree.KERNEL32(00000000), ref: 00912DEB
                                                                        • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00912E11
                                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00912E30
                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912E52
                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0091303F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                        APIs
                                                                        • SetTextColor.GDI32(?,00000000), ref: 0092712F
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00927160
                                                                        • GetSysColor.USER32(0000000F), ref: 0092716C
                                                                        • SetBkColor.GDI32(?,000000FF), ref: 00927186
                                                                        • SelectObject.GDI32(?,?), ref: 00927195
                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 009271C0
                                                                        • GetSysColor.USER32(00000010), ref: 009271C8
                                                                        • CreateSolidBrush.GDI32(00000000), ref: 009271CF
                                                                        • FrameRect.USER32(?,?,00000000), ref: 009271DE
                                                                        • DeleteObject.GDI32(00000000), ref: 009271E5
                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00927230
                                                                        • FillRect.USER32(?,?,?), ref: 00927262
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00927284
                                                                          • Part of subcall function 009273E8: GetSysColor.USER32(00000012), ref: 00927421
                                                                          • Part of subcall function 009273E8: SetTextColor.GDI32(?,?), ref: 00927425
                                                                          • Part of subcall function 009273E8: GetSysColorBrush.USER32(0000000F), ref: 0092743B
                                                                          • Part of subcall function 009273E8: GetSysColor.USER32(0000000F), ref: 00927446
                                                                          • Part of subcall function 009273E8: GetSysColor.USER32(00000011), ref: 00927463
                                                                          • Part of subcall function 009273E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00927471
                                                                          • Part of subcall function 009273E8: SelectObject.GDI32(?,00000000), ref: 00927482
                                                                          • Part of subcall function 009273E8: SetBkColor.GDI32(?,00000000), ref: 0092748B
                                                                          • Part of subcall function 009273E8: SelectObject.GDI32(?,?), ref: 00927498
                                                                          • Part of subcall function 009273E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009274B7
                                                                          • Part of subcall function 009273E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009274CE
                                                                          • Part of subcall function 009273E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009274DB
                                                                        Similarity
                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                        • String ID:
                                                                        APIs
                                                                        • DestroyWindow.USER32(?,?), ref: 008A8E14
                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 008E6AC5
                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 008E6AFE
                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 008E6F43
                                                                          • Part of subcall function 008A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008A8BE8,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8FC5
                                                                        • SendMessageW.USER32(?,00001053), ref: 008E6F7F
                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 008E6F96
                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 008E6FAC
                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 008E6FB7
                                                                        Similarity
                                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                        • String ID: 0
                                                                        APIs
                                                                        • DestroyWindow.USER32(00000000), ref: 0091273E
                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0091286A
                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009128A9
                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009128B9
                                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00912900
                                                                        • GetClientRect.USER32(00000000,?), ref: 0091290C
                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00912955
                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00912964
                                                                        • GetStockObject.GDI32(00000011), ref: 00912974
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00912978
                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00912988
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00912991
                                                                        • DeleteDC.GDI32(00000000), ref: 0091299A
                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009129C6
                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 009129DD
                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00912A1D
                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00912A31
                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00912A42
                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00912A77
                                                                        • GetStockObject.GDI32(00000011), ref: 00912A82
                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00912A8D
                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00912A97
                                                                        Similarity
                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00904AED
                                                                        • GetDriveTypeW.KERNEL32(?,0092CB68,?,\\.\,0092CC08), ref: 00904BCA
                                                                        • SetErrorMode.KERNEL32(00000000,0092CB68,?,\\.\,0092CC08), ref: 00904D36
                                                                        Similarity
                                                                        • API ID: ErrorMode$DriveType
                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                        APIs
                                                                        • GetSysColor.USER32(00000012), ref: 00927421
                                                                        • SetTextColor.GDI32(?,?), ref: 00927425
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 0092743B
                                                                        • GetSysColor.USER32(0000000F), ref: 00927446
                                                                        • CreateSolidBrush.GDI32(?), ref: 0092744B
                                                                        • GetSysColor.USER32(00000011), ref: 00927463
                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00927471
                                                                        • SelectObject.GDI32(?,00000000), ref: 00927482
                                                                        • SetBkColor.GDI32(?,00000000), ref: 0092748B
                                                                        • SelectObject.GDI32(?,?), ref: 00927498
                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 009274B7
                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009274CE
                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 009274DB
                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0092752A
                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00927554
                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00927572
                                                                        • DrawFocusRect.USER32(?,?), ref: 0092757D
                                                                        • GetSysColor.USER32(00000011), ref: 0092758E
                                                                        • SetTextColor.GDI32(?,00000000), ref: 00927596
                                                                        • DrawTextW.USER32(?,009270F5,000000FF,?,00000000), ref: 009275A8
                                                                        • SelectObject.GDI32(?,?), ref: 009275BF
                                                                        • DeleteObject.GDI32(?), ref: 009275CA
                                                                        • SelectObject.GDI32(?,?), ref: 009275D0
                                                                        • DeleteObject.GDI32(?), ref: 009275D5
                                                                        • SetTextColor.GDI32(?,?), ref: 009275DB
                                                                        • SetBkColor.GDI32(?,?), ref: 009275E5
                                                                        Similarity
                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                        • String ID:
                                                                        APIs
                                                                        • GetCursorPos.USER32(?), ref: 00921128
                                                                        • GetDesktopWindow.USER32 ref: 0092113D
                                                                        • GetWindowRect.USER32(00000000), ref: 00921144
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00921199
                                                                        • DestroyWindow.USER32(?), ref: 009211B9
                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009211ED
                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0092120B
                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0092121D
                                                                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00921232
                                                                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00921245
                                                                        • IsWindowVisible.USER32(00000000), ref: 009212A1
                                                                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009212BC
                                                                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009212D0
                                                                        • GetWindowRect.USER32(00000000,?), ref: 009212E8
                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 0092130E
                                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00921328
                                                                        • CopyRect.USER32(?,?), ref: 0092133F
                                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 009213AA
                                                                        Similarity
                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                        • String ID: ($0$tooltips_class32
                                                                        APIs
                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A8968
                                                                        • GetSystemMetrics.USER32(00000007), ref: 008A8970
                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A899B
                                                                        • GetSystemMetrics.USER32(00000008), ref: 008A89A3
                                                                        • GetSystemMetrics.USER32(00000004), ref: 008A89C8
                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008A89E5
                                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008A89F5
                                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008A8A28
                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 008A8A3C
                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 008A8A5A
                                                                        • GetStockObject.GDI32(00000011), ref: 008A8A76
                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 008A8A81
                                                                          • Part of subcall function 008A912D: GetCursorPos.USER32(?), ref: 008A9141
                                                                          • Part of subcall function 008A912D: ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                          • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                          • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                        • SetTimer.USER32(00000000,00000000,00000028,008A90FC), ref: 008A8AA8
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                        • String ID: AutoIt v3 GUI
                                                                        • API String ID: 1458621304-248962490
                                                                        • Opcode ID: 599bc078ee91bb18d52005095557587b4d661e64414c4a5a8fe882311fadc336
                                                                        • Instruction ID: f7af783eeb36cfb79f62100b357509e30695598b412e7331242ae1ada6a8f070
                                                                        • Opcode Fuzzy Hash: 599bc078ee91bb18d52005095557587b4d661e64414c4a5a8fe882311fadc336
                                                                        • Instruction Fuzzy Hash: 8BB17C71A0420AEFDB14DFA8DC45BAE3BB4FB49314F144229FA15E7290DB74E851CB61
                                                                        APIs
                                                                          • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                          • Part of subcall function 008F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                          • Part of subcall function 008F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                          • Part of subcall function 008F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                          • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008F0DF5
                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008F0E29
                                                                        • GetLengthSid.ADVAPI32(?), ref: 008F0E40
                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 008F0E7A
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008F0E96
                                                                        • GetLengthSid.ADVAPI32(?), ref: 008F0EAD
                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008F0EB5
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 008F0EBC
                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008F0EDD
                                                                        • CopySid.ADVAPI32(00000000), ref: 008F0EE4
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008F0F13
                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008F0F35
                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008F0F47
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F6E
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0F75
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F7E
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0F85
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F8E
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0F95
                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 008F0FA1
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F0FA8
                                                                          • Part of subcall function 008F1193: GetProcessHeap.KERNEL32(00000008,008F0BB1,?,00000000,?,008F0BB1,?), ref: 008F11A1
                                                                          • Part of subcall function 008F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008F0BB1,?), ref: 008F11A8
                                                                          • Part of subcall function 008F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008F0BB1,?), ref: 008F11B7
                                                                        Similarity
                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                        • String ID:
                                                                        • API String ID: 4175595110-0
                                                                        • Opcode ID: e59855f4895eb9618f27940aa8dad63382c2f659357f1b4ccdc22f4d0a268a23
                                                                        • Instruction ID: 346d028c4e716a875ef0bd238261e3827b7df75ccb81dbc3e5ca946c324ccf8a
                                                                        • Opcode Fuzzy Hash: e59855f4895eb9618f27940aa8dad63382c2f659357f1b4ccdc22f4d0a268a23
                                                                        • Instruction Fuzzy Hash: D37139B290420AAFDF209FA4DC49FBEBBB8FF04310F144115EA59E6192DB719916CF60
                                                                        APIs
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091C4BD
                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0092CC08,00000000,?,00000000,?,?), ref: 0091C544
                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0091C5A4
                                                                        • _wcslen.LIBCMT ref: 0091C5F4
                                                                        • _wcslen.LIBCMT ref: 0091C66F
                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0091C6B2
                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0091C7C1
                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0091C84D
                                                                        • RegCloseKey.ADVAPI32(?), ref: 0091C881
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0091C88E
                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0091C960
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                        • API String ID: 9721498-966354055
                                                                        • Opcode ID: 11d941873dd1da285ad745d1f5ae117f5937df153c572abfd85ff8a73baf1e6d
                                                                        • Instruction ID: dbb2e28134e274bb5fdd9c027fb076d65ed725687d9e2654d6c773893121d939
                                                                        • Opcode Fuzzy Hash: 11d941873dd1da285ad745d1f5ae117f5937df153c572abfd85ff8a73baf1e6d
                                                                        • Instruction Fuzzy Hash: DA124E757082019FDB14EF18C491A6AB7E5FF88714F19885CF85A9B3A2DB31ED41CB82
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(?,?), ref: 009209C6
                                                                        • _wcslen.LIBCMT ref: 00920A01
                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00920A54
                                                                        • _wcslen.LIBCMT ref: 00920A8A
                                                                        • _wcslen.LIBCMT ref: 00920B06
                                                                        • _wcslen.LIBCMT ref: 00920B81
                                                                          • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
                                                                          • Part of subcall function 008F2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008F2BFA
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                        • API String ID: 1103490817-4258414348
                                                                        • Opcode ID: 3a3d0072712252ec30bb009527a60a4b11981c01be3b9fc4e04fc1af7647eafc
                                                                        • Instruction ID: 36851e93b13d0700d3903be91444e3b69286c06b4e12eae5e0faf36805e16609
                                                                        • Opcode Fuzzy Hash: 3a3d0072712252ec30bb009527a60a4b11981c01be3b9fc4e04fc1af7647eafc
                                                                        • Instruction Fuzzy Hash: 72E19A312083118FCB24EF29D45092AB7E5FFD8314B54895CF8969B7A6D731EE49CB82
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$BuffCharUpper
                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                        • API String ID: 1256254125-909552448
                                                                        • Opcode ID: ac290968f3646a4b90f5715363c90e5db829b235ab604cfe340a24e6a5c56997
                                                                        • Instruction ID: 5f11c8b97a21faa24205c1577a50a044a91b56d019108500f3e60ded3e626a51
                                                                        • Opcode Fuzzy Hash: ac290968f3646a4b90f5715363c90e5db829b235ab604cfe340a24e6a5c56997
                                                                        • Instruction Fuzzy Hash: AF7102B278412E8BCB20DEAC99415FF3399AF60750B250528FC66E7285E634CEC4C3A1
                                                                        APIs
                                                                        • _wcslen.LIBCMT ref: 0092835A
                                                                        • _wcslen.LIBCMT ref: 0092836E
                                                                        • _wcslen.LIBCMT ref: 00928391
                                                                        • _wcslen.LIBCMT ref: 009283B4
                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009283F2
                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0092361A,?), ref: 0092844E
                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00928487
                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009284CA
                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00928501
                                                                        • FreeLibrary.KERNEL32(?), ref: 0092850D
                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0092851D
                                                                        • DestroyIcon.USER32(?), ref: 0092852C
                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00928549
                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00928555
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                        • String ID: .dll$.exe$.icl
                                                                        • API String ID: 799131459-1154884017
                                                                        • Opcode ID: a6b6308bf68d99e959a0c7f80cbc4940a70b10633db3d9146b022fe30b25f5cc
                                                                        • Instruction ID: 1a150d607e0e99131ebd882663a1d5f2aa23efc7a76d8f7f58d20cb674d40e3a
                                                                        • Opcode Fuzzy Hash: a6b6308bf68d99e959a0c7f80cbc4940a70b10633db3d9146b022fe30b25f5cc
                                                                        • Instruction Fuzzy Hash: 7261CDB1514225BAEB24DB64EC42FBF77ACFF08B11F104509F815D61E1DB74AA80D7A0
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                        • API String ID: 0-1645009161
                                                                        • Opcode ID: 86bf633bb1512f411a3002ebcbe547c94128d16f2f43e1b563893c66984e45d5
                                                                        • Instruction ID: 0d75b6f5fcbd025d37724ca87dc5a30abf8feb1e8b6a047119b24522217bfed0
                                                                        • Opcode Fuzzy Hash: 86bf633bb1512f411a3002ebcbe547c94128d16f2f43e1b563893c66984e45d5
                                                                        • Instruction Fuzzy Hash: 97811671610205BBDF20BF68DC42FAE37A9FF55304F084026F904EA296EB70D911C792
                                                                        APIs
                                                                        • CharLowerBuffW.USER32(?,?), ref: 00903EF8
                                                                        • _wcslen.LIBCMT ref: 00903F03
                                                                        • _wcslen.LIBCMT ref: 00903F5A
                                                                        • _wcslen.LIBCMT ref: 00903F98
                                                                        • GetDriveTypeW.KERNEL32(?), ref: 00903FD6
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0090401E
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00904059
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00904087
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                        • API String ID: 1839972693-4113822522
                                                                        APIs
                                                                        • LoadIconW.USER32(00000063), ref: 008F5A2E
                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008F5A40
                                                                        • SetWindowTextW.USER32(?,?), ref: 008F5A57
                                                                        • GetDlgItem.USER32(?,000003EA), ref: 008F5A6C
                                                                        • SetWindowTextW.USER32(00000000,?), ref: 008F5A72
                                                                        • GetDlgItem.USER32(?,000003E9), ref: 008F5A82
                                                                        • SetWindowTextW.USER32(00000000,?), ref: 008F5A88
                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 008F5AA9
                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 008F5AC3
                                                                        • GetWindowRect.USER32(?,?), ref: 008F5ACC
                                                                        • _wcslen.LIBCMT ref: 008F5B33
                                                                        • SetWindowTextW.USER32(?,?), ref: 008F5B6F
                                                                        • GetDesktopWindow.USER32 ref: 008F5B75
                                                                        • GetWindowRect.USER32(00000000), ref: 008F5B7C
                                                                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 008F5BD3
                                                                        • GetClientRect.USER32(?,?), ref: 008F5BE0
                                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 008F5C05
                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 008F5C2F
                                                                        Similarity
                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                        • String ID:
                                                                        • API String ID: 895679908-0
                                                                        APIs
                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 0090FE27
                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 0090FE32
                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0090FE3D
                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 0090FE48
                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 0090FE53
                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 0090FE5E
                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 0090FE69
                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 0090FE74
                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 0090FE7F
                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 0090FE8A
                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 0090FE95
                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 0090FEA0
                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 0090FEAB
                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 0090FEB6
                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 0090FEC1
                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 0090FECC
                                                                        • GetCursorInfo.USER32(?), ref: 0090FEDC
                                                                        • GetLastError.KERNEL32 ref: 0090FF1E
                                                                        Similarity
                                                                        • API ID: Cursor$Load$ErrorInfoLast
                                                                        • String ID:
                                                                        • API String ID: 3215588206-0
                                                                        APIs
                                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008B00C6
                                                                          • Part of subcall function 008B00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0096070C,00000FA0,E80C9DE4,?,?,?,?,008D23B3,000000FF), ref: 008B011C
                                                                          • Part of subcall function 008B00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008D23B3,000000FF), ref: 008B0127
                                                                          • Part of subcall function 008B00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008D23B3,000000FF), ref: 008B0138
                                                                          • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008B014E
                                                                          • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008B015C
                                                                          • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008B016A
                                                                          • Part of subcall function 008B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008B0195
                                                                          • Part of subcall function 008B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008B01A0
                                                                        • ___scrt_fastfail.LIBCMT ref: 008B00E7
                                                                          • Part of subcall function 008B00A3: __onexit.LIBCMT ref: 008B00A9
                                                                        Strings
                                                                        • kernel32.dll, xrefs: 008B0133
                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008B0122
                                                                        • InitializeConditionVariable, xrefs: 008B0148
                                                                        • SleepConditionVariableCS, xrefs: 008B0154
                                                                        • WakeAllConditionVariable, xrefs: 008B0162
                                                                        Similarity
                                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                        • API String ID: 66158676-1714406822
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen
                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                        • API String ID: 176396367-1603158881
                                                                        APIs
                                                                        • CharLowerBuffW.USER32(00000000,00000000,0092CC08), ref: 00904527
                                                                        • _wcslen.LIBCMT ref: 0090453B
                                                                        • _wcslen.LIBCMT ref: 00904599
                                                                        • _wcslen.LIBCMT ref: 009045F4
                                                                        • _wcslen.LIBCMT ref: 0090463F
                                                                        • _wcslen.LIBCMT ref: 009046A7
                                                                          • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
                                                                        • GetDriveTypeW.KERNEL32(?,00956BF0,00000061), ref: 00904743
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$BuffCharDriveLowerType
                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                        • API String ID: 2055661098-1000479233
                                                                        APIs
                                                                        • _wcslen.LIBCMT ref: 0091B198
                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0091B1B0
                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0091B1D4
                                                                        • _wcslen.LIBCMT ref: 0091B200
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0091B214
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0091B236
                                                                        • _wcslen.LIBCMT ref: 0091B332
                                                                          • Part of subcall function 009005A7: GetStdHandle.KERNEL32(000000F6), ref: 009005C6
                                                                        • _wcslen.LIBCMT ref: 0091B34B
                                                                        • _wcslen.LIBCMT ref: 0091B366
                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0091B3B6
                                                                        • GetLastError.KERNEL32(00000000), ref: 0091B407
                                                                        • CloseHandle.KERNEL32(?), ref: 0091B439
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0091B44A
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0091B45C
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0091B46E
                                                                        • CloseHandle.KERNEL32(?), ref: 0091B4E3
                                                                        Similarity
                                                                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 2178637699-0
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0092CC08), ref: 009140BB
                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 009140CD
                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0092CC08), ref: 009140F2
                                                                        • FreeLibrary.KERNEL32(00000000,?,0092CC08), ref: 0091413E
                                                                        • StringFromGUID2.OLE32(?,?,00000028,?,0092CC08), ref: 009141A8
                                                                        • SysFreeString.OLEAUT32(00000009), ref: 00914262
                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 009142C8
                                                                        • SysFreeString.OLEAUT32(?), ref: 009142F2
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                                        • API String ID: 354098117-199464113
                                                                        APIs
                                                                        • GetMenuItemCount.USER32(00961990), ref: 008D2F8D
                                                                        • GetMenuItemCount.USER32(00961990), ref: 008D303D
                                                                        • GetCursorPos.USER32(?), ref: 008D3081
                                                                        • SetForegroundWindow.USER32(00000000), ref: 008D308A
                                                                        • TrackPopupMenuEx.USER32(00961990,00000000,?,00000000,00000000,00000000), ref: 008D309D
                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008D30A9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Similarity
                                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                        • String ID: 0
                                                                        APIs
                                                                        • DestroyWindow.USER32(00000000,?), ref: 00926DEB
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00926E5F
                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00926E81
                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00926E94
                                                                        • DestroyWindow.USER32(?), ref: 00926EB5
                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00890000,00000000), ref: 00926EE4
                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00926EFD
                                                                        • GetDesktopWindow.USER32 ref: 00926F16
                                                                        • GetWindowRect.USER32(00000000), ref: 00926F1D
                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00926F35
                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00926F4D
                                                                          • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                        Similarity
                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                        • String ID: 0$tooltips_class32
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • DragQueryPoint.SHELL32(?,?), ref: 00929147
                                                                          • Part of subcall function 00927674: ClientToScreen.USER32(?,?), ref: 0092769A
                                                                          • Part of subcall function 00927674: GetWindowRect.USER32(?,?), ref: 00927710
                                                                          • Part of subcall function 00927674: PtInRect.USER32(?,?,00928B89), ref: 00927720
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 009291B0
                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009291BB
                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009291DE
                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00929225
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0092923E
                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00929255
                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00929277
                                                                        • DragFinish.SHELL32(?), ref: 0092927E
                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00929371
                                                                        Similarity
                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                        APIs
                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0090C4B0
                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0090C4C3
                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0090C4D7
                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0090C4F0
                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0090C533
                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0090C549
                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0090C554
                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0090C584
                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0090C5DC
                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0090C5F0
                                                                        • InternetCloseHandle.WININET(00000000), ref: 0090C5FB
                                                                        Similarity
                                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                        APIs
                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00928592
                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 009285A2
                                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 009285AD
                                                                        • CloseHandle.KERNEL32(00000000), ref: 009285BA
                                                                        • GlobalLock.KERNEL32(00000000), ref: 009285C8
                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 009285D7
                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 009285E0
                                                                        • CloseHandle.KERNEL32(00000000), ref: 009285E7
                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 009285F8
                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0092FC38,?), ref: 00928611
                                                                        • GlobalFree.KERNEL32(00000000), ref: 00928621
                                                                        • GetObjectW.GDI32(?,00000018,000000FF), ref: 00928641
                                                                        • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00928671
                                                                        • DeleteObject.GDI32(00000000), ref: 00928699
                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009286AF
                                                                        Similarity
                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(00000000), ref: 00901502
                                                                        • VariantCopy.OLEAUT32(?,?), ref: 0090150B
                                                                        • VariantClear.OLEAUT32(?), ref: 00901517
                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009015FB
                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00901657
                                                                        • VariantInit.OLEAUT32(?), ref: 00901708
                                                                        • SysFreeString.OLEAUT32(?), ref: 0090178C
                                                                        • VariantClear.OLEAUT32(?), ref: 009017D8
                                                                        • VariantClear.OLEAUT32(?), ref: 009017E7
                                                                        • VariantInit.OLEAUT32(00000000), ref: 00901823
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091B6F4
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091B772
                                                                        • RegDeleteValueW.ADVAPI32(?,?), ref: 0091B80A
                                                                        • RegCloseKey.ADVAPI32(?), ref: 0091B87E
                                                                        • RegCloseKey.ADVAPI32(?), ref: 0091B89C
                                                                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0091B8F2
                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0091B904
                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 0091B922
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 0091B983
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0091B994
                                                                        Similarity
                                                                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                        APIs
                                                                        • GetDC.USER32(00000000), ref: 009125D8
                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009125E8
                                                                        • CreateCompatibleDC.GDI32(?), ref: 009125F4
                                                                        • SelectObject.GDI32(00000000,?), ref: 00912601
                                                                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0091266D
                                                                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009126AC
                                                                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009126D0
                                                                        • SelectObject.GDI32(?,?), ref: 009126D8
                                                                        • DeleteObject.GDI32(?), ref: 009126E1
                                                                        • DeleteDC.GDI32(?), ref: 009126E8
                                                                        • ReleaseDC.USER32(00000000,?), ref: 009126F3
                                                                        Similarity
                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                        • String ID: (
                                                                        • API String ID: 2598888154-3887548279
                                                                        APIs
                                                                        • ___free_lconv_mon.LIBCMT ref: 008CDAA1
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD659
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD66B
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD67D
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD68F
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6A1
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6B3
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6C5
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6D7
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6E9
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6FB
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD70D
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD71F
                                                                          • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD731
                                                                        • _free.LIBCMT ref: 008CDA96
                                                                          • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                          • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                        • _free.LIBCMT ref: 008CDAB8
                                                                        • _free.LIBCMT ref: 008CDACD
                                                                        • _free.LIBCMT ref: 008CDAD8
                                                                        • _free.LIBCMT ref: 008CDAFA
                                                                        • _free.LIBCMT ref: 008CDB0D
                                                                        • _free.LIBCMT ref: 008CDB1B
                                                                        • _free.LIBCMT ref: 008CDB26
                                                                        • _free.LIBCMT ref: 008CDB5E
                                                                        • _free.LIBCMT ref: 008CDB65
                                                                        • _free.LIBCMT ref: 008CDB82
                                                                        • _free.LIBCMT ref: 008CDB9A
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                        • String ID:
                                                                        • API String ID: 161543041-0
                                                                        APIs
                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 008F369C
                                                                        • _wcslen.LIBCMT ref: 008F36A7
                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 008F3797
                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 008F380C
                                                                        • GetDlgCtrlID.USER32(?), ref: 008F385D
                                                                        • GetWindowRect.USER32(?,?), ref: 008F3882
                                                                        • GetParent.USER32(?), ref: 008F38A0
                                                                        • ScreenToClient.USER32(00000000), ref: 008F38A7
                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 008F3921
                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 008F395D
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                        • String ID: %s%u
                                                                        • API String ID: 4010501982-679674701
                                                                        APIs
                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 008F4994
                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 008F49DA
                                                                        • _wcslen.LIBCMT ref: 008F49EB
                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 008F49F7
                                                                        • _wcsstr.LIBVCRUNTIME ref: 008F4A2C
                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 008F4A64
                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 008F4A9D
                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 008F4AE6
                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 008F4B20
                                                                        • GetWindowRect.USER32(?,?), ref: 008F4B8B
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                        • String ID: ThumbnailClass
                                                                        • API String ID: 1311036022-1241985126
                                                                        APIs
                                                                        • GetMenuItemInfoW.USER32(00961990,000000FF,00000000,00000030), ref: 008FBFAC
                                                                        • SetMenuItemInfoW.USER32(00961990,00000004,00000000,00000030), ref: 008FBFE1
                                                                        • Sleep.KERNEL32(000001F4), ref: 008FBFF3
                                                                        • GetMenuItemCount.USER32(?), ref: 008FC039
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 008FC056
                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 008FC082
                                                                        • GetMenuItemID.USER32(?,?), ref: 008FC0C9
                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 008FC10F
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008FC124
                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008FC145
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                        • String ID: 0
                                                                        • API String ID: 1460738036-4108050209
                                                                        APIs
                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0091CC64
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0091CC8D
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0091CD48
                                                                          • Part of subcall function 0091CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0091CCAA
                                                                          • Part of subcall function 0091CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0091CCBD
                                                                          • Part of subcall function 0091CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0091CCCF
                                                                          • Part of subcall function 0091CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0091CD05
                                                                          • Part of subcall function 0091CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0091CD28
                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 0091CCF3
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                        • API String ID: 2734957052-4033151799
                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00903D40
                                                                        • _wcslen.LIBCMT ref: 00903D6D
                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00903D9D
                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00903DBE
                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00903DCE
                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00903E55
                                                                        • CloseHandle.KERNEL32(00000000), ref: 00903E60
                                                                        • CloseHandle.KERNEL32(00000000), ref: 00903E6B
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                        • String ID: :$\$\??\%s
                                                                        • API String ID: 1149970189-3457252023
                                                                        APIs
                                                                        • timeGetTime.WINMM ref: 008FE6B4
                                                                          • Part of subcall function 008AE551: timeGetTime.WINMM(?,?,008FE6D4), ref: 008AE555
                                                                        • Sleep.KERNEL32(0000000A), ref: 008FE6E1
                                                                        • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 008FE705
                                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 008FE727
                                                                        • SetActiveWindow.USER32 ref: 008FE746
                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 008FE754
                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 008FE773
                                                                        • Sleep.KERNEL32(000000FA), ref: 008FE77E
                                                                        • IsWindow.USER32 ref: 008FE78A
                                                                        • EndDialog.USER32(00000000), ref: 008FE79B
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                        • String ID: BUTTON
                                                                        • API String ID: 1194449130-3405671355
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008FEA5D
                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008FEA73
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008FEA84
                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 008FEA96
                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 008FEAA7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: SendString$_wcslen
                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                        • API String ID: 2420728520-1007645807
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?), ref: 008FA012
                                                                        • SetKeyboardState.USER32(?), ref: 008FA07D
                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 008FA09D
                                                                        • GetKeyState.USER32(000000A0), ref: 008FA0B4
                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 008FA0E3
                                                                        • GetKeyState.USER32(000000A1), ref: 008FA0F4
                                                                        • GetAsyncKeyState.USER32(00000011), ref: 008FA120
                                                                        • GetKeyState.USER32(00000011), ref: 008FA12E
                                                                        • GetAsyncKeyState.USER32(00000012), ref: 008FA157
                                                                        • GetKeyState.USER32(00000012), ref: 008FA165
                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 008FA18E
                                                                        • GetKeyState.USER32(0000005B), ref: 008FA19C
                                                                        Similarity
                                                                        • API ID: State$Async$Keyboard
                                                                        • String ID:
                                                                        • API String ID: 541375521-0
                                                                        APIs
                                                                        • GetDlgItem.USER32(?,00000001), ref: 008F5CE2
                                                                        • GetWindowRect.USER32(00000000,?), ref: 008F5CFB
                                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 008F5D59
                                                                        • GetDlgItem.USER32(?,00000002), ref: 008F5D69
                                                                        • GetWindowRect.USER32(00000000,?), ref: 008F5D7B
                                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 008F5DCF
                                                                        • GetDlgItem.USER32(?,000003E9), ref: 008F5DDD
                                                                        • GetWindowRect.USER32(00000000,?), ref: 008F5DEF
                                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 008F5E31
                                                                        • GetDlgItem.USER32(?,000003EA), ref: 008F5E44
                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 008F5E5A
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 008F5E67
                                                                        Similarity
                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                        • String ID:
                                                                        • API String ID: 3096461208-0
                                                                        APIs
                                                                          • Part of subcall function 008A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008A8BE8,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8FC5
                                                                        • DestroyWindow.USER32(?), ref: 008A8C81
                                                                        • KillTimer.USER32(00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8D1B
                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 008E6973
                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008E69A1
                                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008E69B8
                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000), ref: 008E69D4
                                                                        • DeleteObject.GDI32(00000000), ref: 008E69E6
                                                                        Similarity
                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                        • String ID:
                                                                        • API String ID: 641708696-0
                                                                        APIs
                                                                          • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                        • GetSysColor.USER32(0000000F), ref: 008A9862
                                                                        Similarity
                                                                        • API ID: ColorLongWindow
                                                                        • String ID:
                                                                        • API String ID: 259745315-0
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,008DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 008F9717
                                                                        • LoadStringW.USER32(00000000,?,008DF7F8,00000001), ref: 008F9720
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,008DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 008F9742
                                                                        • LoadStringW.USER32(00000000,?,008DF7F8,00000001), ref: 008F9745
                                                                        • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 008F9866
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: HandleLoadModuleString$Message_wcslen
                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                        • API String ID: 747408836-2268648507
                                                                        APIs
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008F07A2
                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008F07BE
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008F07DA
                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 008F0804
                                                                        • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 008F082C
                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008F0837
                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008F083C
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                        • API String ID: 323675364-22481851
                                                                        APIs
                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0092403B
                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00924042
                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00924055
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0092405D
                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00924068
                                                                        • DeleteDC.GDI32(00000000), ref: 00924072
                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0092407C
                                                                        • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00924092
                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0092409E
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                        • String ID: static
                                                                        • API String ID: 2559357485-2160076837
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(?), ref: 00913C5C
                                                                        • CoInitialize.OLE32(00000000), ref: 00913C8A
                                                                        • CoUninitialize.OLE32 ref: 00913C94
                                                                        • _wcslen.LIBCMT ref: 00913D2D
                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00913DB1
                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00913ED5
                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00913F0E
                                                                        • CoGetObject.OLE32(?,00000000,0092FB98,?), ref: 00913F2D
                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00913F40
                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00913FC4
                                                                        • VariantClear.OLEAUT32(?), ref: 00913FD8
                                                                        Similarity
                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                        • String ID:
                                                                        • API String ID: 429561992-0
                                                                        APIs
                                                                        • CoInitialize.OLE32(00000000), ref: 00907AF3
                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00907B8F
                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00907BA3
                                                                        • CoCreateInstance.OLE32(0092FD08,00000000,00000001,00956E6C,?), ref: 00907BEF
                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00907C74
                                                                        • CoTaskMemFree.OLE32(?,?), ref: 00907CCC
                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00907D57
                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00907D7A
                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00907D81
                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00907DD6
                                                                        • CoUninitialize.OLE32 ref: 00907DDC
                                                                        Similarity
                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                        • String ID:
                                                                        • API String ID: 2762341140-0
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00925504
                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00925515
                                                                        • CharNextW.USER32(00000158), ref: 00925544
                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00925585
                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0092559B
                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009255AC
                                                                        Similarity
                                                                        • API ID: MessageSend$CharNext
                                                                        • String ID:
                                                                        • API String ID: 1350042424-0
                                                                        APIs
                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 008EFAAF
                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 008EFB08
                                                                        • VariantInit.OLEAUT32(?), ref: 008EFB1A
                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 008EFB3A
                                                                        • VariantCopy.OLEAUT32(?,?), ref: 008EFB8D
                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 008EFBA1
                                                                        • VariantClear.OLEAUT32(?), ref: 008EFBB6
                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 008EFBC3
                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008EFBCC
                                                                        • VariantClear.OLEAUT32(?), ref: 008EFBDE
                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008EFBE9
                                                                        Similarity
                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                        • String ID:
                                                                        • API String ID: 2706829360-0
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?), ref: 008F9CA1
                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 008F9D22
                                                                        • GetKeyState.USER32(000000A0), ref: 008F9D3D
                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 008F9D57
                                                                        • GetKeyState.USER32(000000A1), ref: 008F9D6C
                                                                        • GetAsyncKeyState.USER32(00000011), ref: 008F9D84
                                                                        • GetKeyState.USER32(00000011), ref: 008F9D96
                                                                        • GetAsyncKeyState.USER32(00000012), ref: 008F9DAE
                                                                        • GetKeyState.USER32(00000012), ref: 008F9DC0
                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 008F9DD8
                                                                        • GetKeyState.USER32(0000005B), ref: 008F9DEA
                                                                        Similarity
                                                                        • API ID: State$Async$Keyboard
                                                                        • String ID:
                                                                        • API String ID: 541375521-0
                                                                        APIs
                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 009105BC
                                                                        • inet_addr.WSOCK32(?), ref: 0091061C
                                                                        • gethostbyname.WSOCK32(?), ref: 00910628
                                                                        • IcmpCreateFile.IPHLPAPI ref: 00910636
                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009106C6
                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009106E5
                                                                        • IcmpCloseHandle.IPHLPAPI(?), ref: 009107B9
                                                                        • WSACleanup.WSOCK32 ref: 009107BF
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                        • String ID: Ping
                                                                        • API String ID: 1028309954-2246546115
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$BuffCharLower
                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                        • API String ID: 707087890-567219261
                                                                        APIs
                                                                        • CoInitialize.OLE32 ref: 00913774
                                                                        • CoUninitialize.OLE32 ref: 0091377F
                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,0092FB78,?), ref: 009137D9
                                                                        • IIDFromString.OLE32(?,?), ref: 0091384C
                                                                        • VariantInit.OLEAUT32(?), ref: 009138E4
                                                                        • VariantClear.OLEAUT32(?), ref: 00913936
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                        • API String ID: 636576611-1287834457
                                                                        APIs
                                                                        • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009033CF
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009033F0
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: LoadString$_wcslen
                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                        • API String ID: 4099089115-3080491070
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$BuffCharUpper
                                                                        • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                        • API String ID: 1256254125-769500911
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 009053A0
                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00905416
                                                                        • GetLastError.KERNEL32 ref: 00905420
                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 009054A7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Similarity
                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                        • API String ID: 4194297153-14809454
                                                                        APIs
                                                                        • CreateMenu.USER32 ref: 00923C79
                                                                        • SetMenu.USER32(?,00000000), ref: 00923C88
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00923D10
                                                                        • IsMenu.USER32(?), ref: 00923D24
                                                                        • CreatePopupMenu.USER32 ref: 00923D2E
                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00923D5B
                                                                        • DrawMenuBar.USER32 ref: 00923D63
                                                                        Similarity
                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                        • String ID: 0$F
                                                                        • API String ID: 161812096-3044882817
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 008F1F64
                                                                        • GetDlgCtrlID.USER32 ref: 008F1F6F
                                                                        • GetParent.USER32 ref: 008F1F8B
                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 008F1F8E
                                                                        • GetDlgCtrlID.USER32(?), ref: 008F1F97
                                                                        • GetParent.USER32(?), ref: 008F1FAB
                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 008F1FAE
                                                                        Similarity
                                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 711023334-1403004172
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 008F2043
                                                                        • GetDlgCtrlID.USER32 ref: 008F204E
                                                                        • GetParent.USER32 ref: 008F206A
                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 008F206D
                                                                        • GetDlgCtrlID.USER32(?), ref: 008F2076
                                                                        • GetParent.USER32(?), ref: 008F208A
                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 008F208D
                                                                        Similarity
                                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 711023334-1403004172
                                                                        APIs
                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00923A9D
                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00923AA0
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00923AC7
                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00923AEA
                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00923B62
                                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00923BAC
                                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00923BC7
                                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00923BE2
                                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00923BF6
                                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00923C13
                                                                        Similarity
                                                                        • API ID: MessageSend$LongWindow
                                                                        • String ID:
                                                                        • API String ID: 312131281-0
                                                                        APIs
                                                                        • GetCurrentThreadId.KERNEL32 ref: 008FB151
                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB165
                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 008FB16C
                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB17B
                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 008FB18D
                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1A6
                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1B8
                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1FD
                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB212
                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB21D
                                                                        Similarity
                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                        • String ID:
                                                                        • API String ID: 2156557900-0
                                                                        APIs
                                                                        • _free.LIBCMT ref: 008C2C94
                                                                          • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                          • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                        • _free.LIBCMT ref: 008C2CA0
                                                                        • _free.LIBCMT ref: 008C2CAB
                                                                        • _free.LIBCMT ref: 008C2CB6
                                                                        • _free.LIBCMT ref: 008C2CC1
                                                                        • _free.LIBCMT ref: 008C2CCC
                                                                        • _free.LIBCMT ref: 008C2CD7
                                                                        • _free.LIBCMT ref: 008C2CE2
                                                                        • _free.LIBCMT ref: 008C2CED
                                                                        • _free.LIBCMT ref: 008C2CFB
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        APIs
                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00907FAD
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00907FC1
                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00907FEB
                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00908005
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00908017
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00908060
                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009080B0
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$AttributesFile
                                                                        • String ID: *.*
                                                                        • API String ID: 769691225-438819550
                                                                        APIs
                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00895C7A
                                                                          • Part of subcall function 00895D0A: GetClientRect.USER32(?,?), ref: 00895D30
                                                                          • Part of subcall function 00895D0A: GetWindowRect.USER32(?,?), ref: 00895D71
                                                                          • Part of subcall function 00895D0A: ScreenToClient.USER32(?,?), ref: 00895D99
                                                                        • GetDC.USER32 ref: 008D46F5
                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008D4708
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 008D4716
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 008D472B
                                                                        • ReleaseDC.USER32(?,00000000), ref: 008D4733
                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008D47C4
                                                                        Similarity
                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                        • String ID: U
                                                                        • API String ID: 4009187628-3372436214
                                                                        APIs
                                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009035E4
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • LoadStringW.USER32(00962390,?,00000FFF,?), ref: 0090360A
                                                                        Similarity
                                                                        • API ID: LoadString$_wcslen
                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                        • API String ID: 4099089115-2391861430
                                                                        APIs
                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0090C272
                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0090C29A
                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0090C2CA
                                                                        • GetLastError.KERNEL32 ref: 0090C322
                                                                        • SetEvent.KERNEL32(?), ref: 0090C336
                                                                        • InternetCloseHandle.WININET(00000000), ref: 0090C341
                                                                        Similarity
                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                        • String ID:
                                                                        • API String ID: 3113390036-3916222277
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008D3AAF,?,?,Bad directive syntax error,0092CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008F98BC
                                                                        • LoadStringW.USER32(00000000,?,008D3AAF,?), ref: 008F98C3
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 008F9987
                                                                        Similarity
                                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                        • API String ID: 858772685-4153970271
                                                                        APIs
                                                                        • GetParent.USER32 ref: 008F20AB
                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 008F20C0
                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008F214D
                                                                        Similarity
                                                                        • API ID: ClassMessageNameParentSend
                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                        • API String ID: 1290815626-3381328864
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                        • String ID:
                                                                        • API String ID: 1282221369-0
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00925186
                                                                        • ShowWindow.USER32(?,00000000), ref: 009251C7
                                                                        • ShowWindow.USER32(?,00000005,?,00000000), ref: 009251CD
                                                                        • SetFocus.USER32(?,?,00000005,?,00000000), ref: 009251D1
                                                                          • Part of subcall function 00926FBA: DeleteObject.GDI32(00000000), ref: 00926FE6
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0092520D
                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0092521A
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0092524D
                                                                        • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00925287
                                                                        • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00925296
                                                                        Similarity
                                                                        • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                        • String ID:
                                                                        • API String ID: 3210457359-0
                                                                        APIs
                                                                        • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 008E6890
                                                                        • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008E68A9
                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008E68B9
                                                                        • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008E68D1
                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008E68F2
                                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008A8874,00000000,00000000,00000000,000000FF,00000000), ref: 008E6901
                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 008E691E
                                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008A8874,00000000,00000000,00000000,000000FF,00000000), ref: 008E692D
                                                                        Similarity
                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                        • String ID:
                                                                        • API String ID: 1268354404-0
                                                                        APIs
                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0090C182
                                                                        • GetLastError.KERNEL32 ref: 0090C195
                                                                        • SetEvent.KERNEL32(?), ref: 0090C1A9
                                                                          • Part of subcall function 0090C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0090C272
                                                                          • Part of subcall function 0090C253: GetLastError.KERNEL32 ref: 0090C322
                                                                          • Part of subcall function 0090C253: SetEvent.KERNEL32(?), ref: 0090C336
                                                                          • Part of subcall function 0090C253: InternetCloseHandle.WININET(00000000), ref: 0090C341
                                                                        Similarity
                                                                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                        • String ID:
                                                                        • API String ID: 337547030-0
                                                                        APIs
                                                                          • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
                                                                          • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
                                                                          • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 008F25BD
                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008F25DB
                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008F25DF
                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 008F25E9
                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008F2601
                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 008F2605
                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 008F260F
                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008F2623
                                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 008F2627
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                        • String ID:
                                                                        • API String ID: 2014098862-0
                                                                        • Opcode ID: e95d4c387bd40c9cdca2bd437a89292d89c5aa85cdda6888b2585fed9babbd29
                                                                        • Instruction ID: f77a267d32ef716d258bace6ee74fdc6293bbbde877ef7c322e3478f8e2319e8
                                                                        • Opcode Fuzzy Hash: e95d4c387bd40c9cdca2bd437a89292d89c5aa85cdda6888b2585fed9babbd29
                                                                        • Instruction Fuzzy Hash: BD01D870398624BBFB2067799C8AF693F59EF4EB11F100001F314EE0D1C9E214459A6A
                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,008F1449,?,?,00000000), ref: 008F180C
                                                                        • HeapAlloc.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F1813
                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008F1449,?,?,00000000), ref: 008F1828
                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,008F1449,?,?,00000000), ref: 008F1830
                                                                        • DuplicateHandle.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F1833
                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008F1449,?,?,00000000), ref: 008F1843
                                                                        • GetCurrentProcess.KERNEL32(008F1449,00000000,?,008F1449,?,?,00000000), ref: 008F184B
                                                                        • DuplicateHandle.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F184E
                                                                        • CreateThread.KERNEL32(00000000,00000000,008F1874,00000000,00000000,00000000), ref: 008F1868
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                        • String ID:
                                                                        • API String ID: 1957940570-0
                                                                        • Opcode ID: 99af5b302d9eb31b970c33e62164138d4c1b8c2d8ab357b29a8a666af843d74a
                                                                        • Instruction ID: 03fbc42c9d77d270aef798b8138161c2192076bc61d1027d5f973eb94812426e
                                                                        • Opcode Fuzzy Hash: 99af5b302d9eb31b970c33e62164138d4c1b8c2d8ab357b29a8a666af843d74a
                                                                        • Instruction Fuzzy Hash: 6801BFB5654308BFE720AB75DC4EF6B3B6CEB89B11F104411FA05DB192C6749815DB60
                                                                        APIs
                                                                          • Part of subcall function 008FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
                                                                          • Part of subcall function 008FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
                                                                          • Part of subcall function 008FD4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 008FD5DC
                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A16D
                                                                        • GetLastError.KERNEL32 ref: 0091A180
                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A1B3
                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0091A268
                                                                        • GetLastError.KERNEL32(00000000), ref: 0091A273
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0091A2C4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                        • String ID: SeDebugPrivilege
                                                                        • API String ID: 1701285019-2896544425
                                                                        • Opcode ID: 9df9002dce82d186b21ce223c2c325d5fb4c4fcec62bb5b134246ae355841230
                                                                        • Instruction ID: 883c526dfcb28e557081e0bad2f8abaae1f50d9bf9dfc8ed8e85190b28f749e2
                                                                        • Opcode Fuzzy Hash: 9df9002dce82d186b21ce223c2c325d5fb4c4fcec62bb5b134246ae355841230
                                                                        • Instruction Fuzzy Hash: 9661B271309241AFD720DF18C494F69BBE5AF44318F58848CE4668B7A3C776ED85CB92
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00923925
                                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0092393A
                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00923954
                                                                        • _wcslen.LIBCMT ref: 00923999
                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 009239C6
                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 009239F4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$Window_wcslen
                                                                        • String ID: SysListView32
                                                                        • API String ID: 2147712094-78025650
                                                                        • Opcode ID: 7a69ffa917d2c099f61d12b6a1dfb0ff74a9cf27642926eb2ceb2a37b08417f6
                                                                        • Instruction ID: c24a98d36e7a39e2d7f04e1932bfdb42f53ad40edc2cd799f9a9f4e8a8a6cf2c
                                                                        • Opcode Fuzzy Hash: 7a69ffa917d2c099f61d12b6a1dfb0ff74a9cf27642926eb2ceb2a37b08417f6
                                                                        • Instruction Fuzzy Hash: 1441E371A00229ABEF21DF64DC49BEE7BA9FF48350F104526F948E7281D7759E80CB90
                                                                        APIs
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008FBCFD
                                                                        • IsMenu.USER32(00000000), ref: 008FBD1D
                                                                        • CreatePopupMenu.USER32 ref: 008FBD53
                                                                        • GetMenuItemCount.USER32(010D5618), ref: 008FBDA4
                                                                        • InsertMenuItemW.USER32(010D5618,?,00000001,00000030), ref: 008FBDCC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                        • String ID: 0$2
                                                                        • API String ID: 93392585-3793063076
                                                                        • Opcode ID: 987f02535a557b8da7e31a1114d158a99d9c1622bfc19cbcf2622e8261ea4012
                                                                        • Instruction ID: a8bf5a1e54c077571426a5d8c7dda42190721c91f3d3ad9e3e677d636f1f70fd
                                                                        • Opcode Fuzzy Hash: 987f02535a557b8da7e31a1114d158a99d9c1622bfc19cbcf2622e8261ea4012
                                                                        • Instruction Fuzzy Hash: F0518BB0A0420D9BDB20EFB8D884BBEBBF8FF45354F244219E611D7290D7709941CB62
                                                                        APIs
                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 008FC913
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: IconLoad
                                                                        • String ID: blank$info$question$stop$warning
                                                                        • API String ID: 2457776203-404129466
                                                                        • Opcode ID: b8b1e625ad6e242cd2821769d9ffc472e5d8f27e83b3c44429fb2d7b49debd01
                                                                        • Instruction ID: 6b310c81f503970b8d07e0269d7988fd40b94b18808822213c162f5437439613
                                                                        • Opcode Fuzzy Hash: b8b1e625ad6e242cd2821769d9ffc472e5d8f27e83b3c44429fb2d7b49debd01
                                                                        • Instruction Fuzzy Hash: 2C11083178930EBAEB009B749D83CBE6B9CFF15359B50102AFA00E6282E7A19F045265
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                        • String ID: 0.0.0.0
                                                                        • API String ID: 642191829-3771769585
                                                                        • Opcode ID: ab203b34192b9c27004248e6dd779b882d0344f59d4ba8068d2bf82a207f7ba6
                                                                        • Instruction ID: 5682750899a8b46527d3474a1d4530eb0cff5e51abe7764d22b7eab4247d3d00
                                                                        • Opcode Fuzzy Hash: ab203b34192b9c27004248e6dd779b882d0344f59d4ba8068d2bf82a207f7ba6
                                                                        • Instruction Fuzzy Hash: 92110671904218ABCB30BB749C0AEEE77ADFF11715F010169F745EA192EF718A819A61
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00929FC7
                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00929FE7
                                                                        • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0092A224
                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0092A242
                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0092A263
                                                                        • ShowWindow.USER32(00000003,00000000), ref: 0092A282
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0092A2A7
                                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 0092A2CA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                        • String ID:
                                                                        • API String ID: 1211466189-0
                                                                        • Opcode ID: a4744126385acaedc1cbd660de00ebbf5750af7875b8ac0b7c1e2df881b6bce5
                                                                        • Instruction ID: bd982f99d6fb5d0886d0a363b1eb66d2d86799d59458584539d51f9b4828ca3e
                                                                        • Opcode Fuzzy Hash: a4744126385acaedc1cbd660de00ebbf5750af7875b8ac0b7c1e2df881b6bce5
                                                                        • Instruction Fuzzy Hash: C1B1EB32604225EFDF14CF68D9847AE3BB6FF44711F088069EC59AB29AD731A940CB61
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: _wcslen$LocalTime
                                                                        • String ID:
                                                                        • API String ID: 952045576-0
                                                                        • Opcode ID: 5de8fb07c11c1bf597eed7ba070b565e410bac05b79297984b34a80230683c33
                                                                        • Instruction ID: deea6066a7a2490dc106dfba7ae934723f1e1cb5b7524f379c7cc2935fd57940
                                                                        • Opcode Fuzzy Hash: 5de8fb07c11c1bf597eed7ba070b565e410bac05b79297984b34a80230683c33
                                                                        • Instruction Fuzzy Hash: 4D416265C1021C76DB11EBF88C8A9DFB7A8FF45710F508566E618E3222FB34E255C3A6
                                                                        APIs
                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008AF953
                                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF3D1
                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF454
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ShowWindow
                                                                        • String ID:
                                                                        • API String ID: 1268545403-0
                                                                        • Opcode ID: b6d0614ff77118a3ac6f6da44f5a0f935faf209b9489ba60468bba30c1b5635a
                                                                        • Instruction ID: b9edc3e684533a956897458bc64c2337372bbf3e848e6df45fb083d060d043ba
                                                                        • Opcode Fuzzy Hash: b6d0614ff77118a3ac6f6da44f5a0f935faf209b9489ba60468bba30c1b5635a
                                                                        • Instruction Fuzzy Hash: 2F411830218680BAE7788B69888876B7F91FB47318F1C443CE387D2E63C631A881DB51
                                                                        APIs
                                                                        • DeleteObject.GDI32(00000000), ref: 00922D1B
                                                                        • GetDC.USER32(00000000), ref: 00922D23
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00922D2E
                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00922D3A
                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00922D76
                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00922D87
                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00925A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00922DC2
                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00922DE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                        • String ID:
                                                                        • API String ID: 3864802216-0
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: _memcmp
                                                                        • String ID:
                                                                        • API String ID: 2931989736-0
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                        • API String ID: 0-572801152
                                                                        APIs
                                                                        • GetCPInfo.KERNEL32(?,?), ref: 008D15CE
                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008D1651
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008D16E4
                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008D16FB
                                                                          • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008D1777
                                                                        • __freea.LIBCMT ref: 008D17A2
                                                                        • __freea.LIBCMT ref: 008D17AE
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                        • String ID:
                                                                        • API String ID: 2829977744-0
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit
                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                        • API String ID: 2610073882-625585964
                                                                        APIs
                                                                        • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0090125C
                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00901284
                                                                        • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009012A8
                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009012D8
                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0090135F
                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009013C4
                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00901430
                                                                        Similarity
                                                                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                        • String ID:
                                                                        • API String ID: 2550207440-0
                                                                        Similarity
                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                        • String ID:
                                                                        • API String ID: 3225163088-0
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(?), ref: 0091396B
                                                                        • CharUpperBuffW.USER32(?,?), ref: 00913A7A
                                                                        • _wcslen.LIBCMT ref: 00913A8A
                                                                        • VariantClear.OLEAUT32(?), ref: 00913C1F
                                                                          • Part of subcall function 00900CDF: VariantInit.OLEAUT32(00000000), ref: 00900D1F
                                                                          • Part of subcall function 00900CDF: VariantCopy.OLEAUT32(?,?), ref: 00900D28
                                                                          • Part of subcall function 00900CDF: VariantClear.OLEAUT32(?), ref: 00900D34
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                        • API String ID: 4137639002-1221869570
                                                                        APIs
                                                                          • Part of subcall function 008F000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
                                                                          • Part of subcall function 008F000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0046
                                                                          • Part of subcall function 008F000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0054
                                                                          • Part of subcall function 008F000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?), ref: 008F0064
                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00914C51
                                                                        • _wcslen.LIBCMT ref: 00914D59
                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00914DCF
                                                                        • CoTaskMemFree.OLE32(?), ref: 00914DDA
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                        • String ID: NULL Pointer assignment
                                                                        • API String ID: 614568839-2785691316
                                                                        APIs
                                                                        • GetMenu.USER32(?), ref: 00922183
                                                                        • GetMenuItemCount.USER32(00000000), ref: 009221B5
                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009221DD
                                                                        • _wcslen.LIBCMT ref: 00922213
                                                                        • GetMenuItemID.USER32(?,?), ref: 0092224D
                                                                        • GetSubMenu.USER32(?,?), ref: 0092225B
                                                                          • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
                                                                          • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
                                                                          • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009222E3
                                                                          • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
                                                                        Similarity
                                                                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                        • String ID:
                                                                        • API String ID: 4196846111-0
                                                                        APIs
                                                                        • IsWindow.USER32(010D55A0), ref: 00927F37
                                                                        • IsWindowEnabled.USER32(010D55A0), ref: 00927F43
                                                                        • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0092801E
                                                                        • SendMessageW.USER32(010D55A0,000000B0,?,?), ref: 00928051
                                                                        • IsDlgButtonChecked.USER32(?,?), ref: 00928089
                                                                        • GetWindowLongW.USER32(010D55A0,000000EC), ref: 009280AB
                                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009280C3
                                                                        Similarity
                                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                        • String ID:
                                                                        • API String ID: 4072528602-0
                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 008FAEF9
                                                                        • GetKeyboardState.USER32(?), ref: 008FAF0E
                                                                        • SetKeyboardState.USER32(?), ref: 008FAF6F
                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 008FAF9D
                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 008FAFBC
                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 008FAFFD
                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 008FB020
                                                                        Similarity
                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                        • String ID:
                                                                        • API String ID: 87235514-0
                                                                        APIs
                                                                        • GetParent.USER32(00000000), ref: 008FAD19
                                                                        • GetKeyboardState.USER32(?), ref: 008FAD2E
                                                                        • SetKeyboardState.USER32(?), ref: 008FAD8F
                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 008FADBB
                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 008FADD8
                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 008FAE17
                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 008FAE38
                                                                        Similarity
                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                        • String ID:
                                                                        • API String ID: 87235514-0
                                                                        APIs
                                                                        • GetConsoleCP.KERNEL32(008D3CD6,?,?,?,?,?,?,?,?,008C5BA3,?,?,008D3CD6,?,?), ref: 008C5470
                                                                        • __fassign.LIBCMT ref: 008C54EB
                                                                        • __fassign.LIBCMT ref: 008C5506
                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,008D3CD6,00000005,00000000,00000000), ref: 008C552C
                                                                        • WriteFile.KERNEL32(?,008D3CD6,00000000,008C5BA3,00000000,?,?,?,?,?,?,?,?,?,008C5BA3,?), ref: 008C554B
                                                                        • WriteFile.KERNEL32(?,?,00000001,008C5BA3,00000000,?,?,?,?,?,?,?,?,?,008C5BA3,?), ref: 008C5584
                                                                        Similarity
                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                        • String ID:
                                                                        • API String ID: 1324828854-0
                                                                        APIs
                                                                        • _ValidateLocalCookies.LIBCMT ref: 008B2D4B
                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 008B2D53
                                                                        • _ValidateLocalCookies.LIBCMT ref: 008B2DE1
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 008B2E0C
                                                                        • _ValidateLocalCookies.LIBCMT ref: 008B2E61
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                        • String ID: csm
                                                                        • API String ID: 1170836740-1018135373
                                                                        APIs
                                                                          • Part of subcall function 0091304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
                                                                          • Part of subcall function 0091304E: _wcslen.LIBCMT ref: 0091309B
                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00911112
                                                                        • WSAGetLastError.WSOCK32 ref: 00911121
                                                                        • WSAGetLastError.WSOCK32 ref: 009111C9
                                                                        • closesocket.WSOCK32(00000000), ref: 009111F9
                                                                        Similarity
                                                                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                        • String ID:
                                                                        • API String ID: 2675159561-0
                                                                        APIs
                                                                          • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008FCF22,?), ref: 008FDDFD
                                                                          • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008FCF22,?), ref: 008FDE16
                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 008FCF45
                                                                        • MoveFileW.KERNEL32(?,?), ref: 008FCF7F
                                                                        • _wcslen.LIBCMT ref: 008FD005
                                                                        • _wcslen.LIBCMT ref: 008FD01B
                                                                        • SHFileOperationW.SHELL32(?), ref: 008FD061
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                        • String ID: \*.*
                                                                        • API String ID: 3164238972-1173974218
                                                                        APIs
                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00922E1C
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00922E4F
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00922E84
                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00922EB6
                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00922EE0
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00922EF1
                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00922F0B
                                                                        Similarity
                                                                        • API ID: LongWindow$MessageSend
                                                                        • String ID:
                                                                        • API String ID: 2178440468-0
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7769
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F778F
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 008F7792
                                                                        • SysAllocString.OLEAUT32(?), ref: 008F77B0
                                                                        • SysFreeString.OLEAUT32(?), ref: 008F77B9
                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 008F77DE
                                                                        • SysAllocString.OLEAUT32(?), ref: 008F77EC
                                                                        Similarity
                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                        • String ID:
                                                                        • API String ID: 3761583154-0
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7842
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7868
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 008F786B
                                                                        • SysAllocString.OLEAUT32 ref: 008F788C
                                                                        • SysFreeString.OLEAUT32 ref: 008F7895
                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 008F78AF
                                                                        • SysAllocString.OLEAUT32(?), ref: 008F78BD
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                        • String ID:
                                                                        • API String ID: 3761583154-0
                                                                        • Opcode ID: d4702816f8eee410bc6c1e864a28f90a2b512b79ce21aea4687366f77060566e
                                                                        • Instruction ID: 106eef1435e90334adef503a7c21a74bacd9e414670f5ecc175c18d1fa6a5dbd
                                                                        • Opcode Fuzzy Hash: d4702816f8eee410bc6c1e864a28f90a2b512b79ce21aea4687366f77060566e
                                                                        • Instruction Fuzzy Hash: 56216571618108AFEB10AFB8DC89DBA77ECFB097607108135FA15CB1A1D674DC41DB68
                                                                        APIs
                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 009004F2
                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0090052E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateHandlePipe
                                                                        • String ID: nul
                                                                        • API String ID: 1424370930-2873401336
                                                                        • Opcode ID: d3246833ab0382e81860d8326f21dec78413d79018fcee45a3de75b83d72e244
                                                                        • Instruction ID: f1143f5d1943ad830d9958046cbb5bf798e4b3ed53822f8a4bb72b7ea8ef79bf
                                                                        • Opcode Fuzzy Hash: d3246833ab0382e81860d8326f21dec78413d79018fcee45a3de75b83d72e244
                                                                        • Instruction Fuzzy Hash: 322148B5500205AFDB209F2ADC45B9E7BF8AF85724F204A29F8A1D62E0E7709951DF20
                                                                        APIs
                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 009005C6
                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00900601
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateHandlePipe
                                                                        • String ID: nul
                                                                        • API String ID: 1424370930-2873401336
                                                                        • Opcode ID: 190284e45730e21fa3af0b0b23c80e2a3e00c1037b4c5f2655fcf02a371b6645
                                                                        • Instruction ID: f2bf7810041671630fa85112cfae38be9079d18335776ad754fba35c4ef967b2
                                                                        • Opcode Fuzzy Hash: 190284e45730e21fa3af0b0b23c80e2a3e00c1037b4c5f2655fcf02a371b6645
                                                                        • Instruction Fuzzy Hash: 44218E755003059FDB209F69DC04B9A77E9AFD5B20F200B19F8A1E72E0DBB199A1DB20
                                                                        APIs
                                                                          • Part of subcall function 0089600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
                                                                          • Part of subcall function 0089600E: GetStockObject.GDI32(00000011), ref: 00896060
                                                                          • Part of subcall function 0089600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00924112
                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0092411F
                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0092412A
                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00924139
                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00924145
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                        • String ID: Msctls_Progress32
                                                                        • API String ID: 1025951953-3636473452
                                                                        • Opcode ID: 64fd43cc0ddeb635a593b48e198abb2fcaa461eb1be92149fb2b8a4aa9891e83
                                                                        • Instruction ID: 0efd9c9b96ac09b85b2a438241979306f9ca557c9472af2ace9f678fb67c96b7
                                                                        • Opcode Fuzzy Hash: 64fd43cc0ddeb635a593b48e198abb2fcaa461eb1be92149fb2b8a4aa9891e83
                                                                        • Instruction Fuzzy Hash: EA11B6B11502297EEF119F64DC85EE77F5DEF18798F014110FA18A2090C7729C61DBA4
                                                                        APIs
                                                                          • Part of subcall function 008CD7A3: _free.LIBCMT ref: 008CD7CC
                                                                        • _free.LIBCMT ref: 008CD82D
                                                                          • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                          • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                        • _free.LIBCMT ref: 008CD838
                                                                        • _free.LIBCMT ref: 008CD843
                                                                        • _free.LIBCMT ref: 008CD897
                                                                        • _free.LIBCMT ref: 008CD8A2
                                                                        • _free.LIBCMT ref: 008CD8AD
                                                                        • _free.LIBCMT ref: 008CD8B8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                        • Instruction ID: 65305edde989446064f66b714a0c882fc34282cb9b7e0cf5fa8ba4d96dc5e5ed
                                                                        • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                        • Instruction Fuzzy Hash: 4511F971540B04AAD621BFB4CC46FCB7BBCFF04700F40982DB29DE6892DA75E5098662
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 008FDA74
                                                                        • LoadStringW.USER32(00000000), ref: 008FDA7B
                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 008FDA91
                                                                        • LoadStringW.USER32(00000000), ref: 008FDA98
                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 008FDADC
                                                                        Strings
                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 008FDAB9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: HandleLoadModuleString$Message
                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                        • API String ID: 4072794657-3128320259
                                                                        • Opcode ID: 1eeec99c28fbeff39b36ddf685a2f3e0182db3c69b347328bbcdf80824dfb73a
                                                                        • Instruction ID: 0f781f505ab670d052c7447d9473b38d5f222099a1790ee591523d8b73c74d20
                                                                        • Opcode Fuzzy Hash: 1eeec99c28fbeff39b36ddf685a2f3e0182db3c69b347328bbcdf80824dfb73a
                                                                        • Instruction Fuzzy Hash: 4E0162F25042187FE720DBA49D89EFF326CEB08305F400492B746E2041E6749E854F74
                                                                        APIs
                                                                        • InterlockedExchange.KERNEL32(010CDF78,010CDF78), ref: 0090097B
                                                                        • EnterCriticalSection.KERNEL32(010CDF58,00000000), ref: 0090098D
                                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 0090099B
                                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009009A9
                                                                        • CloseHandle.KERNEL32(?), ref: 009009B8
                                                                        • InterlockedExchange.KERNEL32(010CDF78,000001F6), ref: 009009C8
                                                                        • LeaveCriticalSection.KERNEL32(010CDF58), ref: 009009CF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                        • String ID:
                                                                        • API String ID: 3495660284-0
                                                                        • Opcode ID: 857520afe34f80b9ab1e3fef3c817f6b7e41565e80696c08059e1791fc34165d
                                                                        • Instruction ID: 3e491ae7e93b7133c74f047f371676d6d0f796818ebf393d6248bda8b118b5f8
                                                                        • Opcode Fuzzy Hash: 857520afe34f80b9ab1e3fef3c817f6b7e41565e80696c08059e1791fc34165d
                                                                        • Instruction Fuzzy Hash: 62F01D7145A902EBD7615B94EE89BDA7A29BF41702F501015F111508A1CB749466DF90
                                                                        APIs
                                                                        • GetClientRect.USER32(?,?), ref: 00895D30
                                                                        • GetWindowRect.USER32(?,?), ref: 00895D71
                                                                        • ScreenToClient.USER32(?,?), ref: 00895D99
                                                                        • GetClientRect.USER32(?,?), ref: 00895ED7
                                                                        • GetWindowRect.USER32(?,?), ref: 00895EF8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Client$Window$Screen
                                                                        • String ID:
                                                                        • API String ID: 1296646539-0
                                                                        • Opcode ID: 75fe73657812472fcfa438f4c16d93a1e25eab13ebe0414d0f4fc8233774502d
                                                                        • Instruction ID: 8396b3010a3de0f5c93e6b5f9602ba207206a21549e88e703b69f4cf05750eb1
                                                                        • Opcode Fuzzy Hash: 75fe73657812472fcfa438f4c16d93a1e25eab13ebe0414d0f4fc8233774502d
                                                                        • Instruction Fuzzy Hash: 41B16875A00A4ADBDF10DFA9C4807EEB7F1FF48310F18951AE8AAD7250DB30AA51DB50
                                                                        APIs
                                                                        • __allrem.LIBCMT ref: 008C00BA
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C00D6
                                                                        • __allrem.LIBCMT ref: 008C00ED
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C010B
                                                                        • __allrem.LIBCMT ref: 008C0122
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C0140
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                        • String ID:
                                                                        • API String ID: 1992179935-0
                                                                        • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                        • Instruction ID: c81cc3136cad4843ebe30626d44e2ad55db3a3b3989d4093b199840fd3171e95
                                                                        • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                        • Instruction Fuzzy Hash: 2281B471A00B069BE7249E6CCC42FAAB3F9FF51764F24452EF551D6782EB70D9008B51
                                                                        APIs
                                                                          • Part of subcall function 00913149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0091101C,00000000,?,?,00000000), ref: 00913195
                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00911DC0
                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00911DE1
                                                                        • WSAGetLastError.WSOCK32 ref: 00911DF2
                                                                        • inet_ntoa.WSOCK32(?), ref: 00911E8C
                                                                        • htons.WSOCK32(?,?,?,?,?), ref: 00911EDB
                                                                        • _strlen.LIBCMT ref: 00911F35
                                                                          • Part of subcall function 008F39E8: _strlen.LIBCMT ref: 008F39F2
                                                                          • Part of subcall function 00896D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,008ACF58,?,?,?), ref: 00896DBA
                                                                          • Part of subcall function 00896D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,008ACF58,?,?,?), ref: 00896DED
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                        • String ID:
                                                                        • API String ID: 1923757996-0
                                                                        • Opcode ID: afb939571c2262a2f97cb6cbfd918be0666b9f5741bc0a58d5b0160fdd76c998
                                                                        • Instruction ID: 49832cb3fde4ba7ce59634fcf4242567cce31c80b7e857fde78319ba4131023f
                                                                        • Opcode Fuzzy Hash: afb939571c2262a2f97cb6cbfd918be0666b9f5741bc0a58d5b0160fdd76c998
                                                                        • Instruction Fuzzy Hash: 93A1D531204304AFD714EF24C885E6A77A5FF85318F54494CF5569B2A2DB71ED82CB92
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008B82D9,008B82D9,?,?,?,008C644F,00000001,00000001,8BE85006), ref: 008C6258
                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008C644F,00000001,00000001,8BE85006,?,?,?), ref: 008C62DE
                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008C63D8
                                                                        • __freea.LIBCMT ref: 008C63E5
                                                                          • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                        • __freea.LIBCMT ref: 008C63EE
                                                                        • __freea.LIBCMT ref: 008C6413
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1414292761-0
                                                                        • Opcode ID: b77d8afe14024f8bc1b8176401cf181ed45c23648e5510c59450eaf90c41e8f8
                                                                        • Instruction ID: 00a6fa6a01e98331b076555144ebd437dc84c57c9b8fbbb4d7d8c6cb67bc86a7
                                                                        • Opcode Fuzzy Hash: b77d8afe14024f8bc1b8176401cf181ed45c23648e5510c59450eaf90c41e8f8
                                                                        • Instruction Fuzzy Hash: 9651AB72A00256ABEB258E74CC81FAF7BB9FB44750F14463DF805D6281EB34DC61D6A0
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BCCA
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BD25
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0091BD6A
                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0091BD99
                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0091BDF3
                                                                        • RegCloseKey.ADVAPI32(?), ref: 0091BDFF
                                                                        Similarity
                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                        • String ID:
                                                                        • API String ID: 1120388591-0
                                                                        • Opcode ID: 84f6ffe7b22d6a1e86538677a4491dee33b7280c5f054d98896989178a5b8db1
                                                                        • Instruction ID: 5a435f89c20372edb4b16ee94332493d9d3bb5f2c903e5320d383da0a214bfc5
                                                                        • Opcode Fuzzy Hash: 84f6ffe7b22d6a1e86538677a4491dee33b7280c5f054d98896989178a5b8db1
                                                                        • Instruction Fuzzy Hash: 9881A270208245EFD714DF28C895E6ABBE9FF84308F14895CF5958B2A2DB31ED45CB92
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(00000035), ref: 008EF7B9
                                                                        • SysAllocString.OLEAUT32(00000001), ref: 008EF860
                                                                        • VariantCopy.OLEAUT32(008EFA64,00000000), ref: 008EF889
                                                                        • VariantClear.OLEAUT32(008EFA64), ref: 008EF8AD
                                                                        • VariantCopy.OLEAUT32(008EFA64,00000000), ref: 008EF8B1
                                                                        • VariantClear.OLEAUT32(?), ref: 008EF8BB
                                                                        Similarity
                                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                                        • String ID:
                                                                        • API String ID: 3859894641-0
                                                                        • Opcode ID: be04dd2ed8602ffa6ca4477e511721213669eb108ffa2620ce914851ad17f4f5
                                                                        • Instruction ID: 9ca8350f74e326352851bafe0a91b227ea8cc2988ec26141465bb7de48c4b8db
                                                                        • Opcode Fuzzy Hash: be04dd2ed8602ffa6ca4477e511721213669eb108ffa2620ce914851ad17f4f5
                                                                        • Instruction Fuzzy Hash: C151D431610354ABDF20BB6AD895B29B7A8FF47314B248466FA05DF293DB708C40CB97
                                                                        APIs
                                                                          • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 009094E5
                                                                        • _wcslen.LIBCMT ref: 00909506
                                                                        • _wcslen.LIBCMT ref: 0090952D
                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00909585
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$FileName$OpenSave
                                                                        • String ID: X
                                                                        • API String ID: 83654149-3081909835
                                                                        • Opcode ID: fa6ef8c98e497d4a78fa9030cfa202813761225ab9371ec8dcb3b5d5ae2eb31c
                                                                        • Instruction ID: b7740c51931fb2979f0764ffea68850a5093cfaeff8d4979e81854ff00d0900b
                                                                        • Opcode Fuzzy Hash: fa6ef8c98e497d4a78fa9030cfa202813761225ab9371ec8dcb3b5d5ae2eb31c
                                                                        • Instruction Fuzzy Hash: 3AE18471508301DFDB14EF29C881A6AB7E4FF85314F08896DF8999B2A2DB31DD05CB92
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • BeginPaint.USER32(?,?,?), ref: 008A9241
                                                                        • GetWindowRect.USER32(?,?), ref: 008A92A5
                                                                        • ScreenToClient.USER32(?,?), ref: 008A92C2
                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008A92D3
                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 008A9321
                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008E71EA
                                                                          • Part of subcall function 008A9339: BeginPath.GDI32(00000000), ref: 008A9357
                                                                        Similarity
                                                                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                        • String ID:
                                                                        • API String ID: 3050599898-0
                                                                        • Opcode ID: 7045db4160a6d269ecc37e10f43e2ccfc2cb958844391962f9e1a39199f66b83
                                                                        • Instruction ID: 6514513352579e1f14233a119fc3ae45abc0ff542154cfd4ba8e7777d833efe3
                                                                        • Opcode Fuzzy Hash: 7045db4160a6d269ecc37e10f43e2ccfc2cb958844391962f9e1a39199f66b83
                                                                        • Instruction Fuzzy Hash: 3F41AE7010D301AFEB20DF25D885FAA7BB8FF46764F140269F9A4C72A1C7719845EB62
                                                                        APIs
                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 0090080C
                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00900847
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00900863
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 009008DC
                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009008F3
                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00900921
                                                                        Similarity
                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                        • String ID:
                                                                        • API String ID: 3368777196-0
                                                                        • Opcode ID: fe952ece940d459445f49e953e6522656d9a5ad5c592bee6ee162fe375a9f0e2
                                                                        • Instruction ID: cfbdb0ef9748b209feeb7fee04a916a0aea0e29fca6a5fc4e73856daf9881cb0
                                                                        • Opcode Fuzzy Hash: fe952ece940d459445f49e953e6522656d9a5ad5c592bee6ee162fe375a9f0e2
                                                                        • Instruction Fuzzy Hash: E5415A71900205EFEF149F94DC85AAA77B8FF44300F1480A5ED00DA297DB31DE65DBA5
                                                                        APIs
                                                                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,008EF3AB,00000000,?,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 0092824C
                                                                        • EnableWindow.USER32(?,00000000), ref: 00928272
                                                                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 009282D1
                                                                        • ShowWindow.USER32(?,00000004), ref: 009282E5
                                                                        • EnableWindow.USER32(?,00000001), ref: 0092830B
                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0092832F
                                                                        Similarity
                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                        • String ID:
                                                                        • API String ID: 642888154-0
                                                                        • Opcode ID: c9cc1d86644e4ef5560025918ff80869896e6772d6c14bdcb9c724e0c676af7c
                                                                        • Instruction ID: 68e1a8ed01fa9429796503f7057bec6fe4284c1b8f665c5e4bb68997936aa214
                                                                        • Opcode Fuzzy Hash: c9cc1d86644e4ef5560025918ff80869896e6772d6c14bdcb9c724e0c676af7c
                                                                        • Instruction Fuzzy Hash: 5041F430606650EFDB25CF14E899BE97BE4FF0A754F1842A8E5184F2B6CB72A841DF50
                                                                        APIs
                                                                        • IsWindowVisible.USER32(?), ref: 008F4C95
                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 008F4CB2
                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 008F4CEA
                                                                        • _wcslen.LIBCMT ref: 008F4D08
                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 008F4D10
                                                                        • _wcsstr.LIBVCRUNTIME ref: 008F4D1A
                                                                        Similarity
                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                        • String ID:
                                                                        • API String ID: 72514467-0
                                                                        • Opcode ID: 38b3818242269a3227acffd7ebaae0c59e630504d9b9df232f88076236661b6f
                                                                        • Instruction ID: 537b091b17044012b5dba95419939518f53c69d59044c6dab0b6eedbfb7e1e35
                                                                        • Opcode Fuzzy Hash: 38b3818242269a3227acffd7ebaae0c59e630504d9b9df232f88076236661b6f
                                                                        • Instruction Fuzzy Hash: 532129712042097BFB256B799C09E7F7B9CFF45750F10502AFA05CA192DA75DC0192A1
                                                                        APIs
                                                                          • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                        • _wcslen.LIBCMT ref: 0090587B
                                                                        • CoInitialize.OLE32(00000000), ref: 00905995
                                                                        • CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 009059AE
                                                                        • CoUninitialize.OLE32 ref: 009059CC
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                        • String ID: .lnk
                                                                        • API String ID: 3172280962-24824748
                                                                        • Opcode ID: aea3980d4193be85dd1a5700f45b741ef75db5cc2d60cd1b7a08ee89e5957a29
                                                                        • Instruction ID: 27cea194cf9f5b5c9a96783e697fa603594365ea1c7ba99399ed329dd8538d89
                                                                        • Opcode Fuzzy Hash: aea3980d4193be85dd1a5700f45b741ef75db5cc2d60cd1b7a08ee89e5957a29
                                                                        • Instruction Fuzzy Hash: 90D143716086019FCB14EF18C480A2BBBE5FF89714F568859F8999B3A1DB31EC45CF92
                                                                        APIs
                                                                          • Part of subcall function 008F0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008F0FCA
                                                                          • Part of subcall function 008F0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008F0FD6
                                                                          • Part of subcall function 008F0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008F0FE5
                                                                          • Part of subcall function 008F0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008F0FEC
                                                                          • Part of subcall function 008F0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008F1002
                                                                        • GetLengthSid.ADVAPI32(?,00000000,008F1335), ref: 008F17AE
                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008F17BA
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 008F17C1
                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 008F17DA
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,008F1335), ref: 008F17EE
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F17F5
                                                                        Similarity
                                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                        • String ID:
                                                                        • API String ID: 3008561057-0
                                                                        • Opcode ID: dfc1f61f9a236aec6525dd39800802a12a59efc8a2ea54b51a6f13e3b30f3348
                                                                        • Instruction ID: 1b99460e19df00db4ffe5b25b3e6dcba58ed969b77b093cf764619e6d1fe5346
                                                                        • Opcode Fuzzy Hash: dfc1f61f9a236aec6525dd39800802a12a59efc8a2ea54b51a6f13e3b30f3348
                                                                        • Instruction Fuzzy Hash: 6A119A71914209EFDF20AFA4CC4ABBF7BA9FB41355F104018F545D7215C735A945DB60
                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008F14FF
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 008F1506
                                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008F1515
                                                                        • CloseHandle.KERNEL32(00000004), ref: 008F1520
                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008F154F
                                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 008F1563
                                                                        Similarity
                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                        • String ID:
                                                                        • API String ID: 1413079979-0
                                                                        • Opcode ID: fe1ac81b5291865aeff939b341a7f2d619fe872d39148d741aca4907ad429fb5
                                                                        • Instruction ID: 8ac34d0e7f981c7a833ef3dd89a91aa7e36b518aa7c59537b7e9f8763331c4bd
                                                                        • Opcode Fuzzy Hash: fe1ac81b5291865aeff939b341a7f2d619fe872d39148d741aca4907ad429fb5
                                                                        • Instruction Fuzzy Hash: A21117B250424DEBDF218FA8DD49BEE7BA9FF48748F144015FA05E2060C3758E65AB64
                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,008B3379,008B2FE5), ref: 008B3390
                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008B339E
                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008B33B7
                                                                        • SetLastError.KERNEL32(00000000,?,008B3379,008B2FE5), ref: 008B3409
                                                                        Similarity
                                                                        • API ID: ErrorLastValue___vcrt_
                                                                        • String ID:
                                                                        • API String ID: 3852720340-0
                                                                        • Opcode ID: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
                                                                        • Instruction ID: f3843b94d3eb060816aeb731c0f98f05000390a25617de0180a93676b6062eab
                                                                        • Opcode Fuzzy Hash: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
                                                                        • Instruction Fuzzy Hash: B4014C7321C711BEAA242779BC86AD72F94FB2937A7200229F410C13F1FF114D06B244
                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,008C5686,008D3CD6,?,00000000,?,008C5B6A,?,?,?,?,?,008BE6D1,?,00958A48), ref: 008C2D78
                                                                        • _free.LIBCMT ref: 008C2DAB
                                                                        • _free.LIBCMT ref: 008C2DD3
                                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,008BE6D1,?,00958A48,00000010,00894F4A,?,?,00000000,008D3CD6), ref: 008C2DE0
                                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,008BE6D1,?,00958A48,00000010,00894F4A,?,?,00000000,008D3CD6), ref: 008C2DEC
                                                                        • _abort.LIBCMT ref: 008C2DF2
                                                                        Similarity
                                                                        • API ID: ErrorLast$_free$_abort
                                                                        • String ID:
                                                                        • API String ID: 3160817290-0
                                                                        • Opcode ID: 785c01de04452403a343c4518a5c8f9f56ce4cdde33b170d693e484e2a4c01f2
                                                                        • Instruction ID: acfbf2508c6e3fe008dd9abc01ae59dac748481b46037c1a828bde75ceb8407c
                                                                        • Opcode Fuzzy Hash: 785c01de04452403a343c4518a5c8f9f56ce4cdde33b170d693e484e2a4c01f2
                                                                        • Instruction Fuzzy Hash: D5F0A471508B056BC622773DBC06F1E2679FBD17A6F24451CF925D21D2EF34C8065162
                                                                        APIs
                                                                          • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
                                                                          • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96A2
                                                                          • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
                                                                          • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96E2
                                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00928A4E
                                                                        • LineTo.GDI32(?,00000003,00000000), ref: 00928A62
                                                                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00928A70
                                                                        • LineTo.GDI32(?,00000000,00000003), ref: 00928A80
                                                                        • EndPath.GDI32(?), ref: 00928A90
                                                                        • StrokePath.GDI32(?), ref: 00928AA0
                                                                        Similarity
                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                        • String ID:
                                                                        • API String ID: 43455801-0
                                                                        • Opcode ID: e35991cb2a25d683a2dbe62942e4539640db5a03e0915dfb127cada377b1275a
                                                                        • Instruction ID: 3de60fd1ec9568026d009b60cdd3aef0d763d0b783cab860b15198f07e61385f
                                                                        • Opcode Fuzzy Hash: e35991cb2a25d683a2dbe62942e4539640db5a03e0915dfb127cada377b1275a
                                                                        • Instruction Fuzzy Hash: 53110C76044118FFEF129F94EC48E9A7F6CEB08350F048011FA1995161C7719D55EBA0
                                                                        APIs
                                                                        • GetDC.USER32(00000000), ref: 008F5218
                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 008F5229
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008F5230
                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 008F5238
                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 008F524F
                                                                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 008F5261
                                                                        Similarity
                                                                        • API ID: CapsDevice$Release
                                                                        • String ID:
                                                                        • API String ID: 1035833867-0
                                                                        • Opcode ID: 9b2817c7ee01dcd5f80f787d5017437d8a7acd3bd9bc973a517b38a8e6fdfbb9
                                                                        • Instruction ID: a861ca3202c212cbc79cc8c67620575fee052b21dbe0a1db3d2ceb64509d7d38
                                                                        • Opcode Fuzzy Hash: 9b2817c7ee01dcd5f80f787d5017437d8a7acd3bd9bc973a517b38a8e6fdfbb9
                                                                        • Instruction Fuzzy Hash: 48018FB5E04709BBEB109BB69C49A5EBFB8FF48751F044165FB04E7281DA709801DFA0
                                                                        APIs
                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00891BF4
                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00891BFC
                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00891C07
                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00891C12
                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00891C1A
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00891C22
                                                                        Similarity
                                                                        • API ID: Virtual
                                                                        • String ID:
                                                                        • API String ID: 4278518827-0
                                                                        • Opcode ID: 162e399e505a24b591f771e77441393ccb3f858eaabe6e0e54d0adaf209772d7
                                                                        • Instruction ID: eea579446825d141c8d2115a1b9c3dbf81a4614a7054e69e288f98ad2198da46
                                                                        • Opcode Fuzzy Hash: 162e399e505a24b591f771e77441393ccb3f858eaabe6e0e54d0adaf209772d7
                                                                        • Instruction Fuzzy Hash: 7A0167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008FEB30
                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008FEB46
                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 008FEB55
                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB64
                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB6E
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB75
                                                                        Similarity
                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                        • String ID:
                                                                        • API String ID: 839392675-0
                                                                        • Opcode ID: 582d84ade9999b157b33cbb2b4f515448ace16cf7c0647282106e514cc6af3f1
                                                                        • Instruction ID: 56dc89909e2670e020781df9c12ef30adc5b0402b38b5af24c85de44155e6bb3
                                                                        • Opcode Fuzzy Hash: 582d84ade9999b157b33cbb2b4f515448ace16cf7c0647282106e514cc6af3f1
                                                                        • Instruction Fuzzy Hash: E6F05EB2254559BBE7315B629C0EEEF3E7CEFCAB11F000158F601E1091D7A05A02E6B5
                                                                        APIs
                                                                        • GetClientRect.USER32(?), ref: 008E7452
                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 008E7469
                                                                        • GetWindowDC.USER32(?), ref: 008E7475
                                                                        • GetPixel.GDI32(00000000,?,?), ref: 008E7484
                                                                        • ReleaseDC.USER32(?,00000000), ref: 008E7496
                                                                        • GetSysColor.USER32(00000005), ref: 008E74B0
                                                                        Similarity
                                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                        • String ID:
                                                                        • API String ID: 272304278-0
                                                                        APIs
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008F187F
                                                                        • UnloadUserProfile.USERENV(?,?), ref: 008F188B
                                                                        • CloseHandle.KERNEL32(?), ref: 008F1894
                                                                        • CloseHandle.KERNEL32(?), ref: 008F189C
                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 008F18A5
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F18AC
                                                                        Similarity
                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                        • String ID:
                                                                        • API String ID: 146765662-0
                                                                        APIs
                                                                          • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC6EE
                                                                        • _wcslen.LIBCMT ref: 008FC735
                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC79C
                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008FC7CA
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                                        • String ID: 0
                                                                        • API String ID: 1227352736-4108050209
                                                                        APIs
                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 008F7206
                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 008F723C
                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 008F724D
                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008F72CF
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                        • String ID: DllGetClassObject
                                                                        • API String ID: 753597075-1075368562
                                                                        APIs
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00923E35
                                                                        • IsMenu.USER32(?), ref: 00923E4A
                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00923E92
                                                                        • DrawMenuBar.USER32 ref: 00923EA5
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Menu$Item$DrawInfoInsert
                                                                        • String ID: 0
                                                                        • API String ID: 3076010158-4108050209
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008F1E66
                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 008F1E79
                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 008F1EA9
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$_wcslen$ClassName
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 2081771294-1403004172
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen
                                                                        • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                        • API String ID: 176396367-4004644295
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00922F8D
                                                                        • LoadLibraryW.KERNEL32(?), ref: 00922F94
                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00922FA9
                                                                        • DestroyWindow.USER32(?), ref: 00922FB1
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                        • String ID: SysAnimate32
                                                                        • API String ID: 3529120543-1011021900
                                                                        APIs
                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008B4D1E,008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002), ref: 008B4D8D
                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008B4DA0
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,008B4D1E,008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000), ref: 008B4DC3
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                        • API String ID: 4061214504-1276376045
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E9C
                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00894EAE
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EC0
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Library$AddressFreeLoadProc
                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                        • API String ID: 145871493-3689287502
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E62
                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00894E74
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E87
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Library$AddressFreeLoadProc
                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                        APIs
                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902C05
                                                                        • DeleteFileW.KERNEL32(?), ref: 00902C87
                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00902C9D
                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902CAE
                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902CC0
                                                                        Similarity
                                                                        • API ID: File$Delete$Copy
                                                                        • String ID:
                                                                        APIs
                                                                        • GetCurrentProcessId.KERNEL32 ref: 0091A427
                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0091A435
                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0091A468
                                                                        • CloseHandle.KERNEL32(?), ref: 0091A63D
                                                                        Similarity
                                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                                        • String ID:
                                                                        APIs
                                                                          • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008FCF22,?), ref: 008FDDFD
                                                                          • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008FCF22,?), ref: 008FDE16
                                                                          • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 008FE473
                                                                        • MoveFileW.KERNEL32(?,?), ref: 008FE4AC
                                                                        • _wcslen.LIBCMT ref: 008FE5EB
                                                                        • _wcslen.LIBCMT ref: 008FE603
                                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 008FE650
                                                                        Similarity
                                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                        • String ID:
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                          • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BAA5
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BB00
                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0091BB63
                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 0091BBA6
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0091BBB3
                                                                        Similarity
                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                        • String ID:
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(?), ref: 008F8BCD
                                                                        • VariantClear.OLEAUT32 ref: 008F8C3E
                                                                        • VariantClear.OLEAUT32 ref: 008F8C9D
                                                                        • VariantClear.OLEAUT32(?), ref: 008F8D10
                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 008F8D3B
                                                                        Similarity
                                                                        • API ID: Variant$Clear$ChangeInitType
                                                                        • String ID:
                                                                        APIs
                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00908BAE
                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00908BDA
                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00908C32
                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00908C57
                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00908C5F
                                                                        Similarity
                                                                        • API ID: PrivateProfile$SectionWrite$String
                                                                        • String ID:
                                                                        APIs
                                                                        • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00918F40
                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00918FD0
                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00918FEC
                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00919032
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00919052
                                                                          • Part of subcall function 008AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00901043,?,753CE610), ref: 008AF6E6
                                                                          • Part of subcall function 008AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,008EFA64,00000000,00000000,?,?,00901043,?,753CE610,?,008EFA64), ref: 008AF70D
                                                                        Similarity
                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                        • String ID:
                                                                        APIs
                                                                        • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00926C33
                                                                        • SetWindowLongW.USER32(?,000000EC,?), ref: 00926C4A
                                                                        • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00926C73
                                                                        • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0090AB79,00000000,00000000), ref: 00926C98
                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00926CC7
                                                                        Similarity
                                                                        • API ID: Window$Long$MessageSendShow
                                                                        • String ID:
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        APIs
                                                                        • GetCursorPos.USER32(?), ref: 008A9141
                                                                        • ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                        • GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                        • GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                        Similarity
                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                        APIs
                                                                        • GetInputState.USER32 ref: 009038CB
                                                                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00903922
                                                                        • TranslateMessage.USER32(?), ref: 0090394B
                                                                        • DispatchMessageW.USER32(?), ref: 00903955
                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966
                                                                        Similarity
                                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                        APIs
                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0090CF38
                                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 0090CF6F
                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFB4
                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFC8
                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFF2
                                                                        Similarity
                                                                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 008F1915
                                                                        • PostMessageW.USER32(00000001,00000201,00000001), ref: 008F19C1
                                                                        • Sleep.KERNEL32(00000000,?,?,?), ref: 008F19C9
                                                                        • PostMessageW.USER32(00000001,00000202,00000000), ref: 008F19DA
                                                                        • Sleep.KERNEL32(00000000,?,?,?,?), ref: 008F19E2
                                                                        Similarity
                                                                        • API ID: MessagePostSleep$RectWindow
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00925745
                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 0092579D
                                                                        • _wcslen.LIBCMT ref: 009257AF
                                                                        • _wcslen.LIBCMT ref: 009257BA
                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00925816
                                                                        Similarity
                                                                        • API ID: MessageSend$_wcslen
                                                                        APIs
                                                                        • IsWindow.USER32(00000000), ref: 00910951
                                                                        • GetForegroundWindow.USER32 ref: 00910968
                                                                        • GetDC.USER32(00000000), ref: 009109A4
                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 009109B0
                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 009109E8
                                                                        Similarity
                                                                        • API ID: Window$ForegroundPixelRelease
                                                                        APIs
                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 008CCDC6
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008CCDE9
                                                                          • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008CCE0F
                                                                        • _free.LIBCMT ref: 008CCE22
                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008CCE31
                                                                        Similarity
                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                        APIs
                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
                                                                        • SelectObject.GDI32(?,00000000), ref: 008A96A2
                                                                        • BeginPath.GDI32(?), ref: 008A96B9
                                                                        • SelectObject.GDI32(?,00000000), ref: 008A96E2
                                                                        Similarity
                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: _memcmp
                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6), ref: 008C2DFD
                                                                        • _free.LIBCMT ref: 008C2E32
                                                                        • _free.LIBCMT ref: 008C2E59
                                                                        • SetLastError.KERNEL32(00000000,00891129), ref: 008C2E66
                                                                        • SetLastError.KERNEL32(00000000,00891129), ref: 008C2E6F
                                                                        Similarity
                                                                        • API ID: ErrorLast$_free
                                                                        APIs
                                                                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0046
                                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0054
                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?), ref: 008F0064
                                                                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0070
                                                                        Similarity
                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 3897988419-0
                                                                        APIs
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 008FE997
                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 008FE9A5
                                                                        • Sleep.KERNEL32(00000000), ref: 008FE9AD
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 008FE9B7
                                                                        • Sleep.KERNEL32 ref: 008FE9F3
                                                                        Similarity
                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                        • String ID:
                                                                        • API String ID: 2833360925-0
                                                                        APIs
                                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                        Similarity
                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 842720411-0
                                                                        APIs
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008F0FCA
                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008F0FD6
                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008F0FE5
                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008F0FEC
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008F1002
                                                                        Similarity
                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 44706859-0
                                                                        APIs
                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008F102A
                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008F1036
                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1045
                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008F104C
                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1062
                                                                        Similarity
                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 44706859-0
                                                                        APIs
                                                                        • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900324
                                                                        • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900331
                                                                        • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 0090033E
                                                                        • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 0090034B
                                                                        • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900358
                                                                        • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900365
                                                                        Similarity
                                                                        • API ID: CloseHandle
                                                                        • String ID:
                                                                        • API String ID: 2962429428-0
                                                                        APIs
                                                                        • _free.LIBCMT ref: 008CD752
                                                                          • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                          • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                        • _free.LIBCMT ref: 008CD764
                                                                        • _free.LIBCMT ref: 008CD776
                                                                        • _free.LIBCMT ref: 008CD788
                                                                        • _free.LIBCMT ref: 008CD79A
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        APIs
                                                                        • GetDlgItem.USER32(?,000003E9), ref: 008F5C58
                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 008F5C6F
                                                                        • MessageBeep.USER32(00000000), ref: 008F5C87
                                                                        • KillTimer.USER32(?,0000040A), ref: 008F5CA3
                                                                        • EndDialog.USER32(?,00000001), ref: 008F5CBD
                                                                        Similarity
                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                        • String ID:
                                                                        • API String ID: 3741023627-0
                                                                        APIs
                                                                        • _free.LIBCMT ref: 008C22BE
                                                                          • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                          • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                        • _free.LIBCMT ref: 008C22D0
                                                                        • _free.LIBCMT ref: 008C22E3
                                                                        • _free.LIBCMT ref: 008C22F4
                                                                        • _free.LIBCMT ref: 008C2305
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        APIs
                                                                        • EndPath.GDI32(?), ref: 008A95D4
                                                                        • StrokeAndFillPath.GDI32(?,?,008E71F7,00000000,?,?,?), ref: 008A95F0
                                                                        • SelectObject.GDI32(?,00000000), ref: 008A9603
                                                                        • DeleteObject.GDI32 ref: 008A9616
                                                                        • StrokePath.GDI32(?), ref: 008A9631
                                                                        Similarity
                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                        • String ID:
                                                                        • API String ID: 2625713937-0
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: __freea$_free
                                                                        • String ID: a/p$am/pm
                                                                        • API String ID: 3432400110-3206640213
                                                                        APIs
                                                                          • Part of subcall function 008B0242: EnterCriticalSection.KERNEL32(0096070C,00961884,?,?,008A198B,00962518,?,?,?,008912F9,00000000), ref: 008B024D
                                                                          • Part of subcall function 008B0242: LeaveCriticalSection.KERNEL32(0096070C,?,008A198B,00962518,?,?,?,008912F9,00000000), ref: 008B028A
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008B00A3: __onexit.LIBCMT ref: 008B00A9
                                                                        • __Init_thread_footer.LIBCMT ref: 00917BFB
                                                                          • Part of subcall function 008B01F8: EnterCriticalSection.KERNEL32(0096070C,?,?,008A8747,00962514), ref: 008B0202
                                                                          • Part of subcall function 008B01F8: LeaveCriticalSection.KERNEL32(0096070C,?,008A8747,00962514), ref: 008B0235
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                        • String ID: 5$G$Variable must be of type 'Object'.
                                                                        • API String ID: 535116098-3733170431
                                                                        APIs
                                                                          • Part of subcall function 008FB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008F21D0,?,?,00000034,00000800,?,00000034), ref: 008FB42D
                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 008F2760
                                                                          • Part of subcall function 008FB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008F21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 008FB3F8
                                                                          • Part of subcall function 008FB32A: GetWindowThreadProcessId.USER32(?,?), ref: 008FB355
                                                                          • Part of subcall function 008FB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,008F2194,00000034,?,?,00001004,00000000,00000000), ref: 008FB365
                                                                          • Part of subcall function 008FB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,008F2194,00000034,?,?,00001004,00000000,00000000), ref: 008FB37B
                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008F27CD
                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008F281A
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                        • String ID: @
                                                                        • API String ID: 4150878124-2766056989
                                                                        APIs
                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 008C1769
                                                                        • _free.LIBCMT ref: 008C1834
                                                                        • _free.LIBCMT ref: 008C183E
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _free$FileModuleName
                                                                        • String ID: C:\Users\user\Desktop\file.exe
                                                                        • API String ID: 2506810119-1957095476
                                                                        APIs
                                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 008FC306
                                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 008FC34C
                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00961990,010D5618), ref: 008FC395
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Menu$Delete$InfoItem
                                                                        • String ID: 0
                                                                        • API String ID: 135850232-4108050209
                                                                        APIs
                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0092CC08,00000000,?,?,?,?), ref: 009244AA
                                                                        • GetWindowLongW.USER32 ref: 009244C7
                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009244D7
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Window$Long
                                                                        • String ID: SysTreeView32
                                                                        • API String ID: 847901565-1698111956
                                                                        APIs
                                                                          • Part of subcall function 0091335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00913077,?,?), ref: 00913378
                                                                        • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
                                                                        • _wcslen.LIBCMT ref: 0091309B
                                                                        • htons.WSOCK32(00000000,?,?,00000000), ref: 00913106
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                        • String ID: 255.255.255.255
                                                                        • API String ID: 946324512-2422070025
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00923F40
                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00923F54
                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00923F78
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$Window
                                                                        • String ID: SysMonthCal32
                                                                        • API String ID: 2326795674-1439706946
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00924705
                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00924713
                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0092471A
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$DestroyWindow
                                                                        • String ID: msctls_updown32
                                                                        • API String ID: 4014797782-2298589950
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen
                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                        • API String ID: 176396367-2734436370
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00923840
                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00923850
                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00923876
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$MoveWindow
                                                                        • String ID: Listbox
                                                                        • API String ID: 3315199576-2633736733
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00904A08
                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00904A5C
                                                                        • SetErrorMode.KERNEL32(00000000,?,?,0092CC08), ref: 00904AD0
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ErrorMode$InformationVolume
                                                                        • String ID: %lu
                                                                        • API String ID: 2507767853-685833217
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0092424F
                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00924264
                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00924271
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: msctls_trackbar32
                                                                        • API String ID: 3850602802-1010561917
                                                                        APIs
                                                                          • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                          • Part of subcall function 008F2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008F2DC5
                                                                          • Part of subcall function 008F2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F2DD6
                                                                          • Part of subcall function 008F2DA7: GetCurrentThreadId.KERNEL32 ref: 008F2DDD
                                                                          • Part of subcall function 008F2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008F2DE4
                                                                        • GetFocus.USER32 ref: 008F2F78
                                                                          • Part of subcall function 008F2DEE: GetParent.USER32(00000000), ref: 008F2DF9
                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 008F2FC3
                                                                        • EnumChildWindows.USER32(?,008F303B), ref: 008F2FEB
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                        • String ID: %s%d
                                                                        • API String ID: 1272988791-1110647743
                                                                        APIs
                                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009258C1
                                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009258EE
                                                                        • DrawMenuBar.USER32(?), ref: 009258FD
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Menu$InfoItem$Draw
                                                                        • String ID: 0
                                                                        • API String ID: 3227129158-4108050209
                                                                        APIs
                                                                        • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 008ED3BF
                                                                        • FreeLibrary.KERNEL32 ref: 008ED3E5
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: AddressFreeLibraryProc
                                                                        • String ID: GetSystemWow64DirectoryW$X64
                                                                        • API String ID: 3013587201-2590602151
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: __alldvrm$_strrchr
                                                                        • String ID:
                                                                        • API String ID: 1036877536-0
                                                                        APIs
                                                                        Similarity
                                                                        • API ID: Variant$ClearInitInitializeUninitialize
                                                                        • String ID:
                                                                        • API String ID: 1998397398-0
                                                                        APIs
                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F05F0
                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F0608
                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,0092CC40,000000FF,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F062D
                                                                        • _memcmp.LIBVCRUNTIME ref: 008F064E
                                                                        Similarity
                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                        • String ID:
                                                                        • API String ID: 314563124-0
                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0091A6AC
                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 0091A6BA
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 0091A79C
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0091A7AB
                                                                          • Part of subcall function 008ACE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008D3303,?), ref: 008ACE8A
                                                                        Similarity
                                                                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                        • String ID:
                                                                        • API String ID: 1991900642-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 89070ddf0fdda9ee470bb391120bc39a19c4b3944ebb2fb53891fad9bfcd25a4
                                                                        • Instruction ID: 1a1279d3e089065fa9cfddb69c944f2229467312d94438136aa2f59905e33132
                                                                        • Opcode Fuzzy Hash: 89070ddf0fdda9ee470bb391120bc39a19c4b3944ebb2fb53891fad9bfcd25a4
                                                                        • Instruction Fuzzy Hash: 47412475A00504BBDF256ABD9C4EAAE3BB7FF41330F24432BF418D2392E67488415267
                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 009262E2
                                                                        • ScreenToClient.USER32(?,?), ref: 00926315
                                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00926382
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientMoveRectScreen
                                                                        • String ID:
                                                                        • API String ID: 3880355969-0
                                                                        • Opcode ID: 6b30a8aa40d2b6126ed9fbf550d9b704b5868d3a4114cee7ed26577e57fc5910
                                                                        • Instruction ID: 798bface995f71b5cf6cd1ac41f0f252c0ad0f7197750c5d839f295922deb718
                                                                        • Opcode Fuzzy Hash: 6b30a8aa40d2b6126ed9fbf550d9b704b5868d3a4114cee7ed26577e57fc5910
                                                                        • Instruction Fuzzy Hash: A6512B74900219EFCF24DF68E880AAE7BB9FF45360F108159F855976A4D730AD41DB90
                                                                        APIs
                                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00911AFD
                                                                        • WSAGetLastError.WSOCK32 ref: 00911B0B
                                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00911B8A
                                                                        • WSAGetLastError.WSOCK32 ref: 00911B94
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast$socket
                                                                        • String ID:
                                                                        • API String ID: 1881357543-0
                                                                        • Opcode ID: 601bca06601fcda3590bbf91bb3637ed9d92aff5db98ff84313f464c447f84b6
                                                                        • Instruction ID: 59caa3116eee64fede5f6db0402b6df154ed850fc9040ffe5ca55cc64c2faa40
                                                                        • Opcode Fuzzy Hash: 601bca06601fcda3590bbf91bb3637ed9d92aff5db98ff84313f464c447f84b6
                                                                        • Instruction Fuzzy Hash: 5141D5747402006FEB20AF24C886F6977E5FB44718F588458F6199F7D2D772ED818B91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bac22f416fec5f2bf2208fe80ca2d466cadaf261f1b52cd597e293bec2ca1e98
                                                                        • Instruction ID: e72b8d36d85f8e7ebf2f4de132728259fb73fa95fd62b10238296a765e08dc96
                                                                        • Opcode Fuzzy Hash: bac22f416fec5f2bf2208fe80ca2d466cadaf261f1b52cd597e293bec2ca1e98
                                                                        • Instruction Fuzzy Hash: 0041C175A04B04AFD7289F7CC842FAABBB9FB88710F10862EF141DB282D771D9018781
                                                                        APIs
                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00905783
                                                                        • GetLastError.KERNEL32(?,00000000), ref: 009057A9
                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009057CE
                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009057FA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                        • String ID:
                                                                        • API String ID: 3321077145-0
                                                                        • Opcode ID: e3e8e560df0a048135829d047a4dc9211116fbecbbe0354182028d773b3090f5
                                                                        • Instruction ID: 5385bc8e31355a438028d2b0756fcd2278fc72a1f741eea3d6697b52e461d3f2
                                                                        • Opcode Fuzzy Hash: e3e8e560df0a048135829d047a4dc9211116fbecbbe0354182028d773b3090f5
                                                                        • Instruction Fuzzy Hash: 2B410935614610DFCF11EF19C544A1EBBE5FF89320B1A8488E84A9B362CB34FD419B92
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,008B6D71,00000000,00000000,008B82D9,?,008B82D9,?,00000001,008B6D71,8BE85006,00000001,008B82D9,008B82D9), ref: 008CD910
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CD999
                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008CD9AB
                                                                        • __freea.LIBCMT ref: 008CD9B4
                                                                          • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                        • String ID:
                                                                        • API String ID: 2652629310-0
                                                                        • Opcode ID: 9c1ec47517e66a7a9cac3521f4e9b84053197cb04568473857172fabddd0a503
                                                                        • Instruction ID: f079282be524134ace47738c51287a74fd8e35d494c0b509a7050da71d6da63f
                                                                        • Opcode Fuzzy Hash: 9c1ec47517e66a7a9cac3521f4e9b84053197cb04568473857172fabddd0a503
                                                                        • Instruction Fuzzy Hash: 0C31AD72A0020AABDF24EF69DC85EAE7BB5FB41310B05426CFC04DA291EB35CD55CB91
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00925352
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00925375
                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00925382
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009253A8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: LongWindow$InvalidateMessageRectSend
                                                                        • String ID:
                                                                        • API String ID: 3340791633-0
                                                                        • Opcode ID: d5eabcf720bd80113ef99abef95dbf76e888e3d428370175af2a221caceb8894
                                                                        • Instruction ID: e9e29a58f8dca7897d40da7ea534f2dfb486d59b99833f767306e52895e082f7
                                                                        • Opcode Fuzzy Hash: d5eabcf720bd80113ef99abef95dbf76e888e3d428370175af2a221caceb8894
                                                                        • Instruction Fuzzy Hash: 6331F670A69A28EFEF34DF14EC05FE83769AB043D0F596401FA10961E4C7B49D40EB81
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 008FABF1
                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 008FAC0D
                                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 008FAC74
                                                                        • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 008FACC6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                        • String ID:
                                                                        • API String ID: 432972143-0
                                                                        • Opcode ID: c68e3abd3e4f788650584ce442043a80a16b798156a7cf98bf845534ad52238f
                                                                        • Instruction ID: a6fac4739232d13d0a6ebad90cf6ba2d9becfb0c7119e95d927b2228646300dd
                                                                        • Opcode Fuzzy Hash: c68e3abd3e4f788650584ce442043a80a16b798156a7cf98bf845534ad52238f
                                                                        • Instruction Fuzzy Hash: 583116B0A0471CAFEB388B75CC047FE7AA5FB49320F04421AE689D22D0D37589859752
                                                                        APIs
                                                                        • ClientToScreen.USER32(?,?), ref: 0092769A
                                                                        • GetWindowRect.USER32(?,?), ref: 00927710
                                                                        • PtInRect.USER32(?,?,00928B89), ref: 00927720
                                                                        • MessageBeep.USER32(00000000), ref: 0092778C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                        • String ID:
                                                                        • API String ID: 1352109105-0
                                                                        • Opcode ID: 1a7f5894a961813bf3d387967eea9afa8ce53fa52048ae5c671b2d20f44eb78c
                                                                        • Instruction ID: bfddaac8164bbb246eb0ffafecfbecf5c625249e7f449b394fe14045c6415a16
                                                                        • Opcode Fuzzy Hash: 1a7f5894a961813bf3d387967eea9afa8ce53fa52048ae5c671b2d20f44eb78c
                                                                        • Instruction Fuzzy Hash: BA41BF34609225DFCB11CF98E894EA9B7F8FF49304F1840A8E814EB269C370E942DF90
                                                                        APIs
                                                                        • GetForegroundWindow.USER32 ref: 009216EB
                                                                          • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
                                                                          • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
                                                                          • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
                                                                        • GetCaretPos.USER32(?), ref: 009216FF
                                                                        • ClientToScreen.USER32(00000000,?), ref: 0092174C
                                                                        • GetForegroundWindow.USER32 ref: 00921752
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                        • String ID:
                                                                        • API String ID: 2759813231-0
                                                                        • Opcode ID: 569325f60ef5cadb35debbecf0baab3b7162b148bde2ece5391a56d5869d3013
                                                                        • Instruction ID: f7e41268c6ca2ba7f501f07f915b7499d5e9f874fb4aeb573265cd53d5c692f0
                                                                        • Opcode Fuzzy Hash: 569325f60ef5cadb35debbecf0baab3b7162b148bde2ece5391a56d5869d3013
                                                                        • Instruction Fuzzy Hash: 98314171D00159AFCB10EFAAC881CAEB7FDFF88304B548069E415E7211EB319E45CBA1
                                                                        APIs
                                                                          • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                        • _wcslen.LIBCMT ref: 008FDFCB
                                                                        • _wcslen.LIBCMT ref: 008FDFE2
                                                                        • _wcslen.LIBCMT ref: 008FE00D
                                                                        • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 008FE018
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: _wcslen$ExtentPoint32Text
                                                                        • String ID:
                                                                        • API String ID: 3763101759-0
                                                                        • Opcode ID: 13082c45e68b9fdc1df9807538e2155f31a28104065b44cb4cfaca81e2e2beff
                                                                        • Instruction ID: 122450ede1d2ba2a19eebcac1bc8d72507a6c5faf3094ba1e68eb5605a7e3f60
                                                                        • Opcode Fuzzy Hash: 13082c45e68b9fdc1df9807538e2155f31a28104065b44cb4cfaca81e2e2beff
                                                                        • Instruction Fuzzy Hash: 3E219471900618AFCB219FA8D982BBE77F8FF85750F144065EA05FB352D6709E41CBA2
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • GetCursorPos.USER32(?), ref: 00929001
                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,008E7711,?,?,?,?,?), ref: 00929016
                                                                        • GetCursorPos.USER32(?), ref: 0092905E
                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,008E7711,?,?,?), ref: 00929094
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                        • String ID:
                                                                        • API String ID: 2864067406-0
                                                                        • Opcode ID: c69698f5cee9c2f3ecf27dabacb501b6cdb5bd8aaa9ac061e8e31e3811d93e73
                                                                        • Instruction ID: 32ba5bd4a1cd5ccaf7a5c060a8f8ec7ddd98a88ba959f6d9f5d89c4e1622b8b7
                                                                        • Opcode Fuzzy Hash: c69698f5cee9c2f3ecf27dabacb501b6cdb5bd8aaa9ac061e8e31e3811d93e73
                                                                        • Instruction Fuzzy Hash: C521D131611028EFDB258F98EC58EFA3BB9FF8A360F044159F90587261C3359991EBA0
                                                                        APIs
                                                                        • GetFileAttributesW.KERNEL32(?,0092CB68), ref: 008FD2FB
                                                                        • GetLastError.KERNEL32 ref: 008FD30A
                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 008FD319
                                                                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0092CB68), ref: 008FD376
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDirectory$AttributesErrorFileLast
                                                                        • String ID:
                                                                        • API String ID: 2267087916-0
                                                                        • Opcode ID: 7e0b90c92b7e803adc11f673bad25db16fbfd1bae55d82375e3bc6a9f1719332
                                                                        • Instruction ID: 0f260e00316c9bdcbc2e5c2c4ec768b623e05182feebf32697b9a5932b1ee261
                                                                        • Opcode Fuzzy Hash: 7e0b90c92b7e803adc11f673bad25db16fbfd1bae55d82375e3bc6a9f1719332
                                                                        • Instruction Fuzzy Hash: 43217E715093059F8710EF38C88186E77E5FE55324F244A1DF6A9C32A1EB31D946CB93
                                                                        APIs
                                                                          • Part of subcall function 008F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008F102A
                                                                          • Part of subcall function 008F1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008F1036
                                                                          • Part of subcall function 008F1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1045
                                                                          • Part of subcall function 008F1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008F104C
                                                                          • Part of subcall function 008F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1062
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008F15BE
                                                                        • _memcmp.LIBVCRUNTIME ref: 008F15E1
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F1617
                                                                        • HeapFree.KERNEL32(00000000), ref: 008F161E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                        • String ID:
                                                                        • API String ID: 1592001646-0
                                                                        • Opcode ID: b4e1d2e701957b8902b02fc8172f477efa40ffa9767dfb803465ae2afad638e1
                                                                        • Instruction ID: c8f79198c2246d97357567c91d74550cb1ecc7df74b7e8ceb5b42ce836940ce2
                                                                        • Opcode Fuzzy Hash: b4e1d2e701957b8902b02fc8172f477efa40ffa9767dfb803465ae2afad638e1
                                                                        • Instruction Fuzzy Hash: D6215571E00108EBDF10DFA4C949BEEB7B8FF94344F084459E541EB241E735AA05DBA0
                                                                        APIs
                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0092280A
                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00922824
                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00922832
                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00922840
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Long$AttributesLayered
                                                                        • String ID:
                                                                        • API String ID: 2169480361-0
                                                                        • Opcode ID: d502cc79dbac718b5ce954c0db0225e34ddc3cf8c5c2d06b34008606c81a48ee
                                                                        • Instruction ID: a37063b9e522e960bc4e8f15effb0a8112a9cf4468e2279113067c982a12e8a0
                                                                        • Opcode Fuzzy Hash: d502cc79dbac718b5ce954c0db0225e34ddc3cf8c5c2d06b34008606c81a48ee
                                                                        • Instruction Fuzzy Hash: 0E21D331209121BFD714AB24EC44FAA7B99EF85324F148258F426CB6E2CB75FC42CB90
                                                                        APIs
                                                                          • Part of subcall function 008F8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?), ref: 008F8D8C
                                                                          • Part of subcall function 008F8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 008F8DB2
                                                                          • Part of subcall function 008F8D7D: lstrcmpiW.KERNEL32(00000000,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?), ref: 008F8DE3
                                                                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7923
                                                                        • lstrcpyW.KERNEL32(00000000,?), ref: 008F7949
                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7984
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                        • String ID: cdecl
                                                                        • API String ID: 4031866154-3896280584
                                                                        • Opcode ID: 7fffa8f558c4bbf101a560a9c1c034e57f11ba9008176e73b10f1a863af6ed88
                                                                        • Instruction ID: 59872374963902ac81e67198721e3df609d09ca7b130a801a4debf293a721292
                                                                        • Opcode Fuzzy Hash: 7fffa8f558c4bbf101a560a9c1c034e57f11ba9008176e73b10f1a863af6ed88
                                                                        • Instruction Fuzzy Hash: 0611293A304305AFEB259F39CC45D7A77A5FF85350B40402AFA02CB2A5EB759811D791
                                                                        APIs
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00927D0B
                                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00927D2A
                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00927D42
                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0090B7AD,00000000), ref: 00927D6B
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Long
                                                                        • String ID:
                                                                        • API String ID: 847901565-0
                                                                        • Opcode ID: 3fa4e5a4fea251a3521ddaba4b3045c0b620fef0b8f3f1a3b76c791afe5d33a4
                                                                        • Instruction ID: 389961a5b4fcd88ce375810800a1ca7647df326802876eae9373a06a2de5e052
                                                                        • Opcode Fuzzy Hash: 3fa4e5a4fea251a3521ddaba4b3045c0b620fef0b8f3f1a3b76c791afe5d33a4
                                                                        • Instruction Fuzzy Hash: 4111D231119625AFCB108F68EC04E6A7BA9AF46360B154728F835E72F4D7309951DB50
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 009256BB
                                                                        • _wcslen.LIBCMT ref: 009256CD
                                                                        • _wcslen.LIBCMT ref: 009256D8
                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00925816
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend_wcslen
                                                                        • String ID:
                                                                        • API String ID: 455545452-0
                                                                        • Opcode ID: 6453d33c1820feb9e89b8dc1a04fe909a708f28de5743986acc7560e81473262
                                                                        • Instruction ID: dd84743543f980d5c2b708a66201f49f14c492795880fed0937b23c2d64866a8
                                                                        • Opcode Fuzzy Hash: 6453d33c1820feb9e89b8dc1a04fe909a708f28de5743986acc7560e81473262
                                                                        • Instruction Fuzzy Hash: 6211387560062896DF20DF65EC85AFE77BCFF10360F504426F915D6199E774CA84CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3fb6d26c475b6a8b5b92af036aa4ddda19e2b10b635d6c81d6fac47d33a00bf7
                                                                        • Instruction ID: a62a5d7f87af05d0f2a068882d801cb21cdb35a7e05092f79ac88993496767e2
                                                                        • Opcode Fuzzy Hash: 3fb6d26c475b6a8b5b92af036aa4ddda19e2b10b635d6c81d6fac47d33a00bf7
                                                                        • Instruction Fuzzy Hash: 31012CB2209A1A7EFA2126786CC5F67666DFF423B8B35032DF622D11D7DA70CC5051A1
                                                                        APIs
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 008F1A47
                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A59
                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A6F
                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A8A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID:
                                                                        • API String ID: 3850602802-0
                                                                        • Opcode ID: 1dec06718db233bd0ca63044cb45a6e6d8dcaf9ca5d75fa99849ae18dd11ca30
                                                                        • Instruction ID: 750c48f9d343d9e45917f30a6592ac7c18023ee596236027b370e9a5d68159c7
                                                                        • Opcode Fuzzy Hash: 1dec06718db233bd0ca63044cb45a6e6d8dcaf9ca5d75fa99849ae18dd11ca30
                                                                        • Instruction Fuzzy Hash: C811F77A901229FFEF119BA5C985FADBB78FB08750F200091EA04B7290D7716E51DB94
                                                                        APIs
                                                                        • GetCurrentThreadId.KERNEL32 ref: 008FE1FD
                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 008FE230
                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 008FE246
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 008FE24D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                        • String ID:
                                                                        • API String ID: 2880819207-0
                                                                        APIs
                                                                        • CreateThread.KERNEL32(00000000,?,008BCFF9,00000000,00000004,00000000), ref: 008BD218
                                                                        • GetLastError.KERNEL32 ref: 008BD224
                                                                        • __dosmaperr.LIBCMT ref: 008BD22B
                                                                        • ResumeThread.KERNEL32(00000000), ref: 008BD249
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                        • String ID:
                                                                        • API String ID: 173952441-0
                                                                        APIs
                                                                          • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                        • GetClientRect.USER32(?,?), ref: 00929F31
                                                                        • GetCursorPos.USER32(?), ref: 00929F3B
                                                                        • ScreenToClient.USER32(?,?), ref: 00929F46
                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00929F7A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                        • String ID:
                                                                        • API String ID: 4127811313-0
                                                                        APIs
                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
                                                                        • GetStockObject.GDI32(00000011), ref: 00896060
                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                        • String ID:
                                                                        • API String ID: 3970641297-0
                                                                        APIs
                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 008B3B56
                                                                          • Part of subcall function 008B3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 008B3AD2
                                                                          • Part of subcall function 008B3AA3: ___AdjustPointer.LIBCMT ref: 008B3AED
                                                                        • _UnwindNestedFrames.LIBCMT ref: 008B3B6B
                                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 008B3B7C
                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 008B3BA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                        • String ID:
                                                                        • API String ID: 737400349-0
                                                                        APIs
                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008913C6,00000000,00000000,?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue), ref: 008C30A5
                                                                        • GetLastError.KERNEL32(?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue,00932290,FlsSetValue,00000000,00000364,?,008C2E46), ref: 008C30B1
                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue,00932290,FlsSetValue,00000000), ref: 008C30BF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 3177248105-0
                                                                        APIs
                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 008F747F
                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 008F7497
                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008F74AC
                                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008F74CA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                                        • String ID:
                                                                        • API String ID: 1352324309-0
                                                                        APIs
                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0C4
                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0E9
                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0F3
                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB126
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CounterPerformanceQuerySleep
                                                                        • String ID:
                                                                        • API String ID: 2875609808-0
                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 00927E33
                                                                        • ScreenToClient.USER32(?,?), ref: 00927E4B
                                                                        • ScreenToClient.USER32(?,?), ref: 00927E6F
                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00927E8A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                        • String ID:
                                                                        • API String ID: 357397906-0
                                                                        APIs
                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008F2DC5
                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 008F2DD6
                                                                        • GetCurrentThreadId.KERNEL32 ref: 008F2DDD
                                                                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008F2DE4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                        • String ID:
                                                                        • API String ID: 2710830443-0
                                                                        APIs
                                                                          • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
                                                                          • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96A2
                                                                          • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
                                                                          • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96E2
                                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00928887
                                                                        • LineTo.GDI32(?,?,?), ref: 00928894
                                                                        • EndPath.GDI32(?), ref: 009288A4
                                                                        • StrokePath.GDI32(?), ref: 009288B2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                        • String ID:
                                                                        • API String ID: 1539411459-0
                                                                        • Opcode ID: 610e930ac1e129eb4a5608cf87dc42dca45165be9538c8877888d124a3e2121e
                                                                        • Instruction ID: 8c8db0735fb03b45bca9111309acb2e33eb9c421d088ddf6ab4ae5483e0fde28
                                                                        • Opcode Fuzzy Hash: 610e930ac1e129eb4a5608cf87dc42dca45165be9538c8877888d124a3e2121e
                                                                        • Instruction Fuzzy Hash: B0F05E3605A668FAEF225F94BC0AFCE3F59AF06311F048000FA11A50E2C7B55522EFE5
                                                                        APIs
                                                                        • GetSysColor.USER32(00000008), ref: 008A98CC
                                                                        • SetTextColor.GDI32(?,?), ref: 008A98D6
                                                                        • SetBkMode.GDI32(?,00000001), ref: 008A98E9
                                                                        • GetStockObject.GDI32(00000005), ref: 008A98F1
                                                                        Similarity
                                                                        • API ID: Color$ModeObjectStockText
                                                                        • String ID:
                                                                        • API String ID: 4037423528-0
                                                                        • Opcode ID: 17d614107d90901e72335e0cb96e054e78f1ff6a5ca4cddd16df5d10a11ca089
                                                                        • Instruction ID: cc613b10b2ba7454426d4d5879d2da23f9ba84c9af7164d5a93a3698507a766e
                                                                        • Opcode Fuzzy Hash: 17d614107d90901e72335e0cb96e054e78f1ff6a5ca4cddd16df5d10a11ca089
                                                                        • Instruction Fuzzy Hash: 69E0657125C680AADB315B75AC09BED3F10FB12336F048219F6F5940E2C3714651AB11
                                                                        APIs
                                                                        • GetCurrentThread.KERNEL32 ref: 008F1634
                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,008F11D9), ref: 008F163B
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008F11D9), ref: 008F1648
                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,008F11D9), ref: 008F164F
                                                                        Similarity
                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                        • String ID:
                                                                        • API String ID: 3974789173-0
                                                                        • Opcode ID: b4c41071408deff3d9416af61e6acc2934f530c8444e7ede1762d5fda7be2996
                                                                        • Instruction ID: 45d9d1e0f13b3042dbbf4779e1874588660ee1a3d7240a26efdbe0d31aab375a
                                                                        • Opcode Fuzzy Hash: b4c41071408deff3d9416af61e6acc2934f530c8444e7ede1762d5fda7be2996
                                                                        • Instruction Fuzzy Hash: 72E086B1655211DBDB301FB09D0DB5A3B7CFF54791F144808F345DA080D6388442D754
                                                                        APIs
                                                                        • GetDesktopWindow.USER32 ref: 008ED858
                                                                        • GetDC.USER32(00000000), ref: 008ED862
                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 008ED882
                                                                        • ReleaseDC.USER32(?), ref: 008ED8A3
                                                                        Similarity
                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                        • String ID:
                                                                        • API String ID: 2889604237-0
                                                                        • Opcode ID: eb3103cd93b4075b57ee3a850edbd38abde5b2b4931f5a290020e80bf8c6cd86
                                                                        • Instruction ID: d1d083a760360a0b902bcd2a3f02459f12aad86d00a9109c261d778d1b5c5148
                                                                        • Opcode Fuzzy Hash: eb3103cd93b4075b57ee3a850edbd38abde5b2b4931f5a290020e80bf8c6cd86
                                                                        • Instruction Fuzzy Hash: DFE01AB1814209DFCF51AFA0D80C66DBBB1FB08710F148419F806E7250CB385902AF40
                                                                        APIs
                                                                        • GetDesktopWindow.USER32 ref: 008ED86C
                                                                        • GetDC.USER32(00000000), ref: 008ED876
                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 008ED882
                                                                        • ReleaseDC.USER32(?), ref: 008ED8A3
                                                                        Similarity
                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                        • String ID:
                                                                        • API String ID: 2889604237-0
                                                                        • Opcode ID: 75315b9e7f102a52682c9c249b48fc9222a21a04290f68dfdaae7900e117d80b
                                                                        • Instruction ID: 4e2351a7cd76e5f7e7912e87894e0742cf4ba641740ac6d54a06fc148bd825c9
                                                                        • Opcode Fuzzy Hash: 75315b9e7f102a52682c9c249b48fc9222a21a04290f68dfdaae7900e117d80b
                                                                        • Instruction Fuzzy Hash: E4E046B1C18209EFCF60AFA0D80C66DBBB1FF08710F148008F80AE7250CB385902AF80
                                                                        APIs
                                                                          • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00904ED4
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Connection_wcslen
                                                                        • String ID: *$LPT
                                                                        • API String ID: 1725874428-3443410124
                                                                        • Opcode ID: 76184b12203a9724cc86d0f64bf28e606770f61b9623e736a0fda5552d2aa657
                                                                        • Instruction ID: 183ef9c6edd7a807e40c2337f49914a303ca38fe1b03c4fac9d790e340152397
                                                                        • Opcode Fuzzy Hash: 76184b12203a9724cc86d0f64bf28e606770f61b9623e736a0fda5552d2aa657
                                                                        • Instruction Fuzzy Hash: 009151B5A042059FCB14DF58C484EAABBF5FF44304F198099E60A9F3A2D735ED85CB91
                                                                        APIs
                                                                        • __startOneArgErrorHandling.LIBCMT ref: 008BE30D
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ErrorHandling__start
                                                                        • String ID: pow
                                                                        • API String ID: 3213639722-2276729525
                                                                        • Opcode ID: c726548844aef3ce719b6865fd9411d52276f7a285e14f39cf8f14852e957594
                                                                        • Instruction ID: 20fa2c59e782c4ba88b6bda300176c5591e2a39a43cb647f16fe087a964c32b4
                                                                        • Opcode Fuzzy Hash: c726548844aef3ce719b6865fd9411d52276f7a285e14f39cf8f14852e957594
                                                                        • Instruction Fuzzy Hash: 9F515B61A1C6069ADB117718C941BFA2BF4FB40B40F34896CF096C23ADDB35CC959E86
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #
                                                                        • API String ID: 0-1885708031
                                                                        • Opcode ID: 97dccae56cb8ee8da10713373f8c5abe5e5b9a90e185ffa66c0fad642bf68bea
                                                                        • Instruction ID: f8ef2165b607d9e03b634b0d2b661fe02970c1cecece70b989dd2e5764a190c4
                                                                        • Opcode Fuzzy Hash: 97dccae56cb8ee8da10713373f8c5abe5e5b9a90e185ffa66c0fad642bf68bea
                                                                        • Instruction Fuzzy Hash: 2451127550429ADFEF25EF29C881ABA7BA8FF57310F244459FC91DB280D6309D42CB91
                                                                        APIs
                                                                        • Sleep.KERNEL32(00000000), ref: 008AF2A2
                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 008AF2BB
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: GlobalMemorySleepStatus
                                                                        • String ID: @
                                                                        • API String ID: 2783356886-2766056989
                                                                        • Opcode ID: 396f1206c0c46b536047595e3d402307e9cf826c3e9a3e76436dec83b30b7549
                                                                        • Instruction ID: ce6f411bf9a209eaf79de95eb4acaef18f4010aae72db4202a84a3f047b74edf
                                                                        • Opcode Fuzzy Hash: 396f1206c0c46b536047595e3d402307e9cf826c3e9a3e76436dec83b30b7549
                                                                        • Instruction Fuzzy Hash: 3F51677241C7449BD720AF14D886BAFBBF8FB85300F85884CF29981195EB718569CB67
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009157E0
                                                                        • _wcslen.LIBCMT ref: 009157EC
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: BuffCharUpper_wcslen
                                                                        • String ID: CALLARGARRAY
                                                                        • API String ID: 157775604-1150593374
                                                                        • Opcode ID: 101ac242c2c44777a0d939033b51b05b8906464ffd37d8c7b36bd34d66332323
                                                                        • Instruction ID: d602f0fcccb00ac9e8b770eb5f7f8abfaa145aeaeffce3a017b3d67ec40abfbe
                                                                        • Opcode Fuzzy Hash: 101ac242c2c44777a0d939033b51b05b8906464ffd37d8c7b36bd34d66332323
                                                                        • Instruction Fuzzy Hash: 11417D71A00209DFCB14DFA9C8829EEBBB9FF99314F164169E505A72A1E7309D81CB91
                                                                        APIs
                                                                        • _wcslen.LIBCMT ref: 0090D130
                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0090D13A
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CrackInternet_wcslen
                                                                        • String ID: |
                                                                        • API String ID: 596671847-2343686810
                                                                        • Opcode ID: 9ad3ba355ab9312cd5846891ae46684a41b1536d3762e4f6a43cfd7d9d8c631f
                                                                        • Instruction ID: 33c5594afe47378fce896c339df466befb8283bcf9c6d739f19472c644142d64
                                                                        • Opcode Fuzzy Hash: 9ad3ba355ab9312cd5846891ae46684a41b1536d3762e4f6a43cfd7d9d8c631f
                                                                        • Instruction Fuzzy Hash: 17311971D01219AFCF15EFE8CC85AEE7FB9FF04340F140019E815A6262EB31AA16DB51
                                                                        APIs
                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00923621
                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0092365C
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Window$DestroyMove
                                                                        • String ID: static
                                                                        • API String ID: 2139405536-2160076837
                                                                        • Opcode ID: 884b6018a0eaf188b63333564dcf2242d194ba24d56c20d5efa6f6dfaf6d507b
                                                                        • Instruction ID: 3c6e0496939df917bd1463b9a8175ae3deff56ea1caa8e0628f72e13914536a2
                                                                        • Opcode Fuzzy Hash: 884b6018a0eaf188b63333564dcf2242d194ba24d56c20d5efa6f6dfaf6d507b
                                                                        • Instruction Fuzzy Hash: DD318F71110614AADB209F28EC81FBB73ADFF88724F108619F8A9D7280DA35AD91D760
                                                                        APIs
                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0092461F
                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00924634
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: '
                                                                        • API String ID: 3850602802-1997036262
                                                                        • Opcode ID: 85003bc60696edba0970cb855c5c5e9ad547417e6ac508106c4823099a3b4894
                                                                        • Instruction ID: e32b0d08dea804f7eb8f3b34eab4c4846ea30159e321d09be7f1e0b9f970ee41
                                                                        • Opcode Fuzzy Hash: 85003bc60696edba0970cb855c5c5e9ad547417e6ac508106c4823099a3b4894
                                                                        • Instruction Fuzzy Hash: 27314A74A0131A9FDF14CFA9D980BDA7BB9FF09300F14406AE904AB345D770A941CF90
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0092327C
                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00923287
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: Combobox
                                                                        • API String ID: 3850602802-2096851135
                                                                        • Opcode ID: 704d12aeadd0c078f551213144304156f8361c93d16cc908382c4e09f63dbab1
                                                                        • Instruction ID: 35abfb027a21a278ef5ba2c6b02abe55fadc2ab6f0e35d08433aa45c0a44dfb0
                                                                        • Opcode Fuzzy Hash: 704d12aeadd0c078f551213144304156f8361c93d16cc908382c4e09f63dbab1
                                                                        • Instruction Fuzzy Hash: 1E110471300218BFFF21DF94EC80EBB3B6EEB94364F108128F928A7294D6359D519760
                                                                        APIs
                                                                          • Part of subcall function 0089600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
                                                                          • Part of subcall function 0089600E: GetStockObject.GDI32(00000011), ref: 00896060
                                                                          • Part of subcall function 0089600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
                                                                        • GetWindowRect.USER32(00000000,?), ref: 0092377A
                                                                        • GetSysColor.USER32(00000012), ref: 00923794
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                        • String ID: static
                                                                        • API String ID: 1983116058-2160076837
                                                                        • Opcode ID: 57c62ec37b555fbefad97a555071acb8a64534806048a27fbdd303d71bbcddae
                                                                        • Instruction ID: e8a8300af1ff272f92cac695c1f4f4a7ba32b3b5dfdfc89effc6ef16af06e803
                                                                        • Opcode Fuzzy Hash: 57c62ec37b555fbefad97a555071acb8a64534806048a27fbdd303d71bbcddae
                                                                        • Instruction Fuzzy Hash: 821129B261021AAFDF10DFA8DC45EEE7BB8FB08314F004914F955E2250E775E861DB50
                                                                        APIs
                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0090CD7D
                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0090CDA6
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Internet$OpenOption
                                                                        • String ID: <local>
                                                                        • API String ID: 942729171-4266983199
                                                                        • Opcode ID: adb4467dd1f1cba49eb94e30712fa94470f1783abf24033a408e28cca90877e7
                                                                        • Instruction ID: bc4460c4de04dc3bc633fafda91496d0f483812ac28c95858cbd0b6cb006e0be
                                                                        • Opcode Fuzzy Hash: adb4467dd1f1cba49eb94e30712fa94470f1783abf24033a408e28cca90877e7
                                                                        • Instruction Fuzzy Hash: 3B11A0B1215631BED7384B668C49EE7BEACEF127A4F00472AB109930C0E6649885D6F0
                                                                        APIs
                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 009234AB
                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009234BA
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: LengthMessageSendTextWindow
                                                                        • String ID: edit
                                                                        • API String ID: 2978978980-2167791130
                                                                        • Opcode ID: feef85c44b3273d9faaf5d60dff90b1da49dc7881dbb9ac882c65b466c205cc3
                                                                        • Instruction ID: 5551a2ec559fce5342beab7cb2083a9c3832fa0b8cab1437240054476d5b39d7
                                                                        • Opcode Fuzzy Hash: feef85c44b3273d9faaf5d60dff90b1da49dc7881dbb9ac882c65b466c205cc3
                                                                        • Instruction Fuzzy Hash: 7211B271110118ABEB116F64EC40AAB376EEB04374F508754F961931E8C779DC519B50
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                        • CharUpperBuffW.USER32(?,?,?), ref: 008F6CB6
                                                                        • _wcslen.LIBCMT ref: 008F6CC2
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen$BuffCharUpper
                                                                        • String ID: STOP
                                                                        • API String ID: 1256254125-2411985666
                                                                        • Opcode ID: c775227b405f7c1e56afca3c9a7c6a2994927e3312464c6333682fe6ed635c95
                                                                        • Instruction ID: b889a45e179380783792d39e0dd16872db8edb0861e8ac35aaa2f06abe476c0a
                                                                        • Opcode Fuzzy Hash: c775227b405f7c1e56afca3c9a7c6a2994927e3312464c6333682fe6ed635c95
                                                                        • Instruction Fuzzy Hash: 3C01C432A1052E9ACB20AFBDDC819BF77B5FB617147110628E9A2D6195FA32D920C650
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 008F1D4C
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 624084870-1403004172
                                                                        • Opcode ID: 35431c7f3c0d3f3ec9d9c8e603b31364b4fabc731a6214101600162ff7677709
                                                                        • Instruction ID: 0a7232112114af1511888f2b58acdf2c4166093011fd0cc40a439492bbe7d734
                                                                        • Opcode Fuzzy Hash: 35431c7f3c0d3f3ec9d9c8e603b31364b4fabc731a6214101600162ff7677709
                                                                        • Instruction Fuzzy Hash: EA019E7160121CAB8F18FBB9CC698FE73A8FB46354B04061EF962A72D1EA3159088661
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 008F1C46
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 624084870-1403004172
                                                                        • Opcode ID: 01aec8b75e8d8c6e306912170e59bb474f8d2614d2c9829cbc4c0db504ba23eb
                                                                        • Instruction ID: abacfa5fe9ed7903835757bdf3ed4032d8a35a9b5d64eb5501945c5438419398
                                                                        • Opcode Fuzzy Hash: 01aec8b75e8d8c6e306912170e59bb474f8d2614d2c9829cbc4c0db504ba23eb
                                                                        • Instruction Fuzzy Hash: A501847568110CA6CF14FBA9C9659FF77A8FB61344F140019EA56F7282EA209B08D6B2
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 008F1CC8
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 624084870-1403004172
                                                                        • Opcode ID: 4a446b29b8aa5ae001f866b66e001c88d7215ce3cd707451f553d78ea8ca90ee
                                                                        • Instruction ID: c70b375d115e2d6a206ae9350af5aac3e2ee7cc38ae6c14e0ea95ddc90a7a618
                                                                        • Opcode Fuzzy Hash: 4a446b29b8aa5ae001f866b66e001c88d7215ce3cd707451f553d78ea8ca90ee
                                                                        • Instruction Fuzzy Hash: 8C01DB71A4011CA7CF14FBB9CE15AFE77A8FB11344F140019B952F3281EA219F08C672
                                                                        APIs
                                                                          • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                          • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 008F1DD3
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 624084870-1403004172
                                                                        • Opcode ID: c094a9082f924796f96d13966fe442360c8bf41040437831a0f607f8288af5ca
                                                                        • Instruction ID: 6e27e3044c3c43a1efd4ed41200dee472fb466408b8f271f0c69d6a45b6827a2
                                                                        • Opcode Fuzzy Hash: c094a9082f924796f96d13966fe442360c8bf41040437831a0f607f8288af5ca
                                                                        • Instruction Fuzzy Hash: 10F0A471A4121DA6DF14FBBDCC66AFE77B8FB41354F080919F962E32C2DA605A088261
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: _wcslen
                                                                        • String ID: 3, 3, 16, 1
                                                                        • API String ID: 176396367-3042988571
                                                                        APIs
                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 008F0B23
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Message
                                                                        • String ID: AutoIt$Error allocating memory.
                                                                        • API String ID: 2030045667-4017498283
                                                                        APIs
                                                                          • Part of subcall function 008AF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008B0D71,?,?,?,0089100A), ref: 008AF7CE
                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,0089100A), ref: 008B0D75
                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0089100A), ref: 008B0D84
                                                                        Strings
                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008B0D7F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                        • API String ID: 55579361-631824599
                                                                        APIs
                                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0090302F
                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00903044
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Temp$FileNamePath
                                                                        • String ID: aut
                                                                        • API String ID: 3285503233-3010740371
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: LocalTime
                                                                        • String ID: %.3d$X64
                                                                        • API String ID: 481472006-1077770165
                                                                        APIs
                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092232C
                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0092233F
                                                                          • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FindMessagePostSleepWindow
                                                                        • String ID: Shell_TrayWnd
                                                                        • API String ID: 529655941-2988720461
                                                                        APIs
                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092236C
                                                                        • PostMessageW.USER32(00000000), ref: 00922373
                                                                          • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FindMessagePostSleepWindow
                                                                        • String ID: Shell_TrayWnd
                                                                        • API String ID: 529655941-2988720461
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 008CBE93
                                                                        • GetLastError.KERNEL32 ref: 008CBEA1
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CBEFC
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1658288724.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                        • Associated: 00000000.00000002.1658022728.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659357339.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1659843365.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1660209975.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_890000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 1717984340-0

                                                                        Execution Graph

                                                                        Execution Coverage:1%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:100%
                                                                        Total number of Nodes:6
                                                                        Total number of Limit Nodes:0
                                                                        execution_graph 5105 1a5842496f7 5106 1a584249707 NtQuerySystemInformation 5105->5106 5107 1a5842496a4 5106->5107 5108 1a584366932 5109 1a584366989 NtQuerySystemInformation 5108->5109 5110 1a584364d04 5108->5110 5109->5110

                                                                        Callgraph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000010.00000002.2906368728.000001A584247000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001A584247000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_16_2_1a584247000_firefox.jbxd
                                                                        Similarity
                                                                        • API ID: InformationQuerySystem
                                                                        • String ID:
                                                                        • API String ID: 3562636166-0

                                                                        Control-flow Graph

                                                                        control_flow_graph 2953 1a584245542-1a584245a03 2955 1a584245a07-1a584245a09 2953->2955 2956 1a584245a0b-1a584245a42 2955->2956 2957 1a584245a5f-1a584245a91 2955->2957 2956->2957
                                                                        Memory Dump Source
                                                                        • Source File: 00000010.00000002.2906368728.000001A584245000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001A584245000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_16_2_1a584245000_firefox.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: