Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1505467
MD5:9720060a0108d1a36b6f051e31353414
SHA1:b76f37758bddb8c2c42a640c4ebf395fb48b4375
SHA256:e00ec3523cb3f1729f64dc91a3f37b9db418b0a48f8c3a50eaf4f5a064ce28cc
Tags:exe
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • file.exe (PID: 1736 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9720060A0108D1A36B6F051E31353414)
    • msedge.exe (PID: 2344 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6748 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2180,i,11385975426524790474,2291032491079240300,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 3280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 1280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6832 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7696 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa01b6f-fa55-4040-aa0b-785369d38a76} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22755a6e110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4464 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20230927232528 -prefsHandle 4516 -prefMapHandle 3888 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8c35b2-355b-43e8-bc2c-ddf9c5e64bd7} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22765d1cf10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 6192 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4124 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8548 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6872 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9148 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6752 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8364 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7272 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: file.exeReversingLabs: Detection: 26%
Source: file.exeVirustotal: Detection: 28%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49775 version: TLS 1.0
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.65.39.31:443 -> 192.168.2.8:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.8:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49800 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49797 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49802 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49803 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00A9DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6C2A2 FindFirstFileExW,0_2_00A6C2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA68EE FindFirstFileW,FindClose,0_2_00AA68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00AA698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00A9D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00A9D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AA9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AA979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00AA9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00AA5C97
Source: firefox.exeMemory has grown: Private usage: 0MB later: 96MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 23.219.161.132 23.219.161.132
Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49775 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.78
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.78
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.78
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00AACE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=690438195&timestamp=1725609513689 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MTBHKczA2sLotkD&MD=RkYwNnal HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726214309&P2=404&P3=2&P4=O%2fpNuAiZNSYI4XIQUfSOTCiwltcz2p%2f8SpepG6ovVCzhorby60reVGx5WtBO2lzb6dUuTPXRM2mCEHyJ0PUKGA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: S6cG+brGM4y5ndlTt0FJylSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MTBHKczA2sLotkD&MD=RkYwNnal HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591334837.0000022762C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591334837.0000022762C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: 0e8f1764-dfe5-4084-a4c1-d846bd854a0a.tmp.9.drString found in binary or memory: {"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675107448475","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370176709704740","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675109739744","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675109855287","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675114782505","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",true],"server":"https://accounts.youtube.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675115938534","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://edge.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675115296635","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":258891},"server":"https://www.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675145242053","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://play.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675116647746","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":237139},"server":"https://accounts.google.com"}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}} equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: firefox.exe, 00000006.00000003.1813760723.000002276549B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000006.00000003.1814558178.0000022762C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813310522.0000022765823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.1818763082.000002276636F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890470433.000002276589E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.1813504731.0000022765816000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org0
Source: firefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627683979.0000022763A8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000006.00000003.1819700324.0000022761BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000006.00000003.2125933648.0000022763AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2126404219.0000022761B98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890863956.0000022761B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000006.00000003.1577692699.00000227694A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000006.00000003.2125933648.0000022763AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000006.00000003.1814825826.0000022762C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000006.00000003.1588902587.000002276695A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000006.00000003.1629582113.0000022761181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000006.00000003.1629582113.0000022761181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000006.00000003.1569944583.00000227651F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1786255784.0000022765AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1495140259.0000022765AE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579720973.0000022768E22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890301448.0000022765B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1609724047.0000022A0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2106502884.0000022765B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1572580099.000002276683A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1495140259.0000022765ABB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1492949124.0000022765AF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1811199665.0000022765B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1586911640.000002276544F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579486506.0000022768E34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1580467703.000002276833F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1584091393.0000022765AF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1624996487.000002276683A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579887718.00000227683FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579887718.00000227683EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1493442226.000002276683A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1493509353.0000022765AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2100483699.000002276535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000006.00000003.1819700324.0000022761BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627683979.0000022763A8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627683979.0000022763A8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000006.00000003.2185760044.000002276729F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173087661.0000022761A2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: firefox.exe, 00000006.00000003.2185760044.0000022767422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: firefox.exe, 00000006.00000003.2185760044.000002276729F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: firefox.exe, 00000006.00000003.2174054361.0000022761A47000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2185760044.000002276729F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627683979.0000022763A8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000006.00000003.1819700324.0000022761BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000006.00000003.1587577463.000002276535B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000006.00000003.2185760044.0000022767422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: firefox.exe, 00000006.00000003.2185760044.0000022767422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: mozilla-temp-41.6.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000006.00000003.2185760044.000002276729F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log8.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: 000003.log6.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: firefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627629021.0000022763A9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1573820306.0000022764E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1487850537.0000022764E33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1485019079.0000022764E33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1486590344.0000022764E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000006.00000003.2107134493.0000022761B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000006.00000003.1890887864.0000022761B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000006.00000003.2125933648.0000022763AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2107134493.0000022761B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://gaana.com/
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000006.00000003.1478429365.0000022765616000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1474957647.0000022765400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1480284018.000002276563E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481529818.0000022765667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1479829450.000002276562A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481369900.0000022765653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000006.00000003.2106382931.0000022767D97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: prefs-1.js.6.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000006.00000003.2106749698.0000022761BB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000006.00000003.2106650476.0000022765B2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/008ede48-c825-4f89-a2a2-325df2c42c07/first-s
Source: firefox.exe, 00000006.00000003.2106650476.0000022765B2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/1036486f-a56a-437b-b1e7-a2f1fa5fb914/main/Fi
Source: firefox.exe, 00000006.00000003.2106650476.0000022765B2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/1912e5a9-a49a-44a5-95c6-6e047a7410c8/new-pro
Source: firefox.exe, 00000006.00000003.2106650476.0000022765B2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/975fa64d-84a3-45a6-931b-6d9e916c1153/event/F
Source: firefox.exe, 00000006.00000003.2106650476.0000022765B2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/a2d29e6c-ac08-481c-a5a2-3b45379df53a/health/
Source: firefox.exe, 00000006.00000003.2106650476.0000022765B2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2125814412.0000022765B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/d1a7a52e-e3c7-4e69-93b1-055dbe542ec9/main/Fi
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: firefox.exe, 00000006.00000003.1627459152.0000022765808000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813647715.0000022765808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000006.00000003.1812177202.0000022761B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1518339052.0000022767EA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000006.00000003.2039769893.0000262102D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579980812.00000227683BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000006.00000003.2039769893.0000262102D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZ
Source: firefox.exe, 00000006.00000003.1579980812.00000227683BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://m.kugou.com/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://m.soundcloud.com/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://m.vk.com/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.last.fm/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000006.00000003.1788582453.0000022762CFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000006.00000003.1629582113.000002276115E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2672078954.000001CE148C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2670269468.0000014489192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000006.00000003.2039769893.0000262102D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628474009.0000022762C88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591140946.0000022762C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.office.com
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: firefox.exe, 00000006.00000003.1587506098.00000227653C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000006.00000003.2039769893.0000262102D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000006.00000003.1587506098.00000227653C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
Source: 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drString found in binary or memory: https://y.music.163.com/m/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.65.39.31:443 -> 192.168.2.8:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.8:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49800 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49797 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49802 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49803 version: TLS 1.2
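The flow rows above list each TCP connection twice, once per direction, and the report labels every flow on port 443 as "HTTP traffic" whether or not TLS was negotiated; only the "HTTPS traffic detected" rows name the server IP and protocol version, and nothing in this section ties a port to a process (that is in the process and network views). The parser below is an added example, not part of the report or of Joe Sandbox, that collapses rows of this shape into one record per client ephemeral port, marks ports seen in only one direction, lists ports that have traffic but no TLS row, and ranks server IPs by completed handshakes. SAMPLE_ROWS is a constructed input made from a few rows copied from the section above; the field names in the record are this example's own.

```python
import re
from collections import defaultdict

# Row shapes used in the report's network section. Joe Sandbox labels every
# flow on port 443 as "HTTP traffic" whether or not TLS was negotiated; the
# "HTTPS traffic detected" rows are the only ones that carry the server IP
# and the protocol version.
FLOW_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
TLS_RE = re.compile(
    r"HTTPS traffic detected: (\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) version: (TLS [\d.]+)"
)

# Constructed sample: rows copied from the report, chosen so that one port
# (49672) appears in a single direction and one port (49744) has traffic
# but no TLS handshake row.
SAMPLE_ROWS = [
    "Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443",
    "Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49745 version: TLS 1.2",
    "Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49773 version: TLS 1.2",
]


def _new_record():
    return {"to_server": False, "from_server": False, "server_ip": None, "tls": None}


def summarize_flows(lines, server_port=443):
    """Collapse per-direction rows into one record per client ephemeral port."""
    table = defaultdict(_new_record)
    for line in lines:
        m = FLOW_RE.search(line)
        if m:
            src, dst = int(m.group(1)), int(m.group(2))
            if dst == server_port:        # client -> server
                table[src]["to_server"] = True
            elif src == server_port:      # server -> client
                table[dst]["from_server"] = True
            continue
        m = TLS_RE.search(line)
        if m:
            srv_ip, srv_port, _cli_ip, cli_port, version = m.groups()
            if int(srv_port) == server_port:
                table[int(cli_port)].update(server_ip=srv_ip, tls=version)
    return dict(table)


def one_sided_ports(table):
    """Ports seen in only one direction: check the pcap before drawing conclusions."""
    return sorted(p for p, r in table.items() if r["to_server"] != r["from_server"])


def unattributed_ports(table):
    """Ports with traffic but no TLS row, so this section gives no server IP for them."""
    return sorted(p for p, r in table.items() if r["server_ip"] is None)


def connections_per_server(table):
    """Server IPs ranked by how many client ports completed a TLS handshake with them."""
    counts = defaultdict(int)
    for r in table.values():
        if r["server_ip"]:
            counts[r["server_ip"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    t = summarize_flows(SAMPLE_ROWS)
    for port in sorted(t):
        print(port, t[port])
    print("one-sided:", one_sided_ports(t))
    print("no TLS row:", unattributed_ports(t))
    print("per server:", connections_per_server(t))
```

Feed it every "Network traffic detected" and "HTTPS traffic detected" row of a report and the 122 flow rows above shrink to one line per ephemeral port; ports without a TLS row still need the pcap or the process network view before any destination can be named for them.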
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AAEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00AAEAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AAED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00AAED6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AAEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00AAEAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00A9AA57
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AC9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00AC9576

System Summary

Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1419258712.0000000000AF2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_841742ed-0
Source: file.exe, 00000000.00000000.1419258712.0000000000AF2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_5a5c787b-2
Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_d719e0a8-5
Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_3b3880aa-7
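The rows above are the strings behind the "Binary is likely a compiled AutoIt script file" signature: the message-box text of the AutoIt3 stub and a run of the interpreter's own strings (the Unicode script and category names from its PCRE build, the runas and Se*Privilege strings of its RunAs implementation, winsta0\default, the AutoIt3GUI window class). These strings, like the clipboard, SendInput, ExitWindowsEx and CreateProcessAsUserW chains listed elsewhere in this report, are capabilities built into every compiled AutoIt binary; what this sample actually does is decided by the embedded script, which is the thing to extract next. The triage script below is an added example, not part of the report or of any Joe Sandbox tooling: it searches a file for the stub message in ASCII and UTF-16LE, for the "AU3!EA06" and "AU3!EA05" tags and the 16-byte EA06 header signature used in widely shared YARA rules for AutoIt payloads, and computes where the PE overlay begins, since compiled scripts are normally carried in the overlay or in an RCDATA resource named SCRIPT. The PE skeleton produced by build_fake_pe is constructed test input, not the sample analysed here; marker names and record fields are this example's own.

```python
import struct

# Marker strings searched for in both ASCII and UTF-16LE (AutoIt3 is a Unicode
# build, so the stub text is usually wide; a sandbox string scan sees both).
AUTOIT_STRINGS = {
    "stub_message": b"This is a third-party compiled AutoIt script.",
    "au3_ea06_tag": b"AU3!EA06",
    "au3_ea05_tag": b"AU3!EA05",
}
# 16-byte header that precedes an EA06 compiled-script blob; the same bytes
# appear in widely shared YARA rules for AutoIt payloads.
EA06_HEADER = bytes.fromhex("A3484BBE986C4AA9994C530C87D8B5DA")
SCRIPT_TAGS = ("au3_ea06_tag", "au3_ea05_tag", "ea06_header")


def _find_all(data, needle):
    idx = data.find(needle)
    while idx != -1:
        yield idx
        idx = data.find(needle, idx + 1)


def find_autoit_markers(data):
    """Every marker hit as {"marker", "offset", "encoding"}, sorted by file offset."""
    hits = []
    for name, text in AUTOIT_STRINGS.items():
        wide = text.decode("ascii").encode("utf-16-le")
        for enc, needle in (("ascii", text), ("utf-16le", wide)):
            hits += [{"marker": name, "offset": o, "encoding": enc} for o in _find_all(data, needle)]
    hits += [{"marker": "ea06_header", "offset": o, "encoding": "raw"} for o in _find_all(data, EA06_HEADER)]
    return sorted(hits, key=lambda h: h["offset"])


def overlay_offset(data):
    """File offset where data past the last PE section starts, or None if there is none."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\x00\x00":
            return None
        nsec = struct.unpack_from("<H", data, pe + 6)[0]          # NumberOfSections
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]     # SizeOfOptionalHeader
        sec_table = pe + 24 + opt_size
        end = 0
        for i in range(nsec):   # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte entry
            raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
            end = max(end, raw_ptr + raw_size)
    except struct.error:
        return None
    return end if 0 < end < len(data) else None


def triage(data):
    """Combine marker hits and overlay position into a small verdict record."""
    hits = find_autoit_markers(data)
    ovl = overlay_offset(data)
    names = {h["marker"] for h in hits}
    return {
        "likely_autoit": bool(names & {"stub_message", "au3_ea06_tag", "ea06_header"}),
        "overlay_offset": ovl,
        "script_in_overlay": ovl is not None and any(
            h["marker"] in SCRIPT_TAGS and h["offset"] >= ovl for h in hits),
        "hits": hits,
    }


def build_fake_pe(section_body, overlay):
    """Constructed test input: a PE header skeleton with one section plus an overlay.
    It is not executable and only exercises overlay_offset()."""
    raw_ptr = raw_size = 0x200
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)             # one section, no optional header
    section = (b".text".ljust(8, b"\x00")
               + struct.pack("<IIII", raw_size, 0x1000, raw_size, raw_ptr) + b"\x00" * 16)
    header = (dos + b"PE\x00\x00" + coff + section).ljust(raw_ptr, b"\x00")
    return header + section_body.ljust(raw_size, b"\x00") + overlay


STUB = AUTOIT_STRINGS["stub_message"]
# Constructed sample: wide stub text inside the section, script tag and header in the overlay.
SAMPLE = build_fake_pe(
    section_body=b"\x90" * 32 + STUB.decode("ascii").encode("utf-16-le"),
    overlay=b"AU3!EA06" + EA06_HEADER + b"<compressed script blob would follow>",
)

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run triage() over the real file to learn where the script blob sits before handing it to an AutoIt decompiler; a hit on the stub message alone means an AutoIt stub, while the EA06 header or tag past overlay_offset is where the script itself is.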
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000014489627077 NtQuerySystemInformation,18_2_0000014489627077
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000014489647232 NtQuerySystemInformation,18_2_0000014489647232
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00A9D5EB
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A91201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A9E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A38060
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA2046
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A98298
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A6E4FF
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A6676B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AC4873
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A5CAA0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3CAF0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4CC39
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A66DD9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4D064
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A391C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4B119
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A51394
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A51706
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A5781B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A519B0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A37920
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4997D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A57A4A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A57CA7
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A51C77
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A69EEE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ABBE44
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A51F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000014489627077
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000014489647232
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000014489647272
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001448964795C
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00A50A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00A4F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00A39CB3 appears 31 times
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal64.evad.winEXE@71/277@30/24
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA37B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A910BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A9D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66DAB61E-928.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe | ReversingLabs: Detection: 26%
Source: file.exe | Virustotal: Detection: 28%
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2180,i,11385975426524790474,2291032491079240300,262144 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa01b6f-fa55-4040-aa0b-785369d38a76} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22755a6e110 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6872 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20230927232528 -prefsHandle 4516 -prefMapHandle 3888 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8c35b2-355b-43e8-bc2c-ddf9c5e64bd7} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22765d1cf10 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6752 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7272 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown (2 identical rows)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2180,i,11385975426524790474,2291032491079240300,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa01b6f-fa55-4040-aa0b-785369d38a76} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22755a6e110 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown (2 identical rows)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20230927232528 -prefsHandle 4516 -prefMapHandle 3888 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8c35b2-355b-43e8-bc2c-ddf9c5e64bd7} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22765d1cf10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown (3 identical rows)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown (2 identical rows)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown (13 identical rows)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6872 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown (13 identical rows)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6752 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7272 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown (6 identical rows)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
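The "Process created" rows above show the security-relevant point of this block: file.exe, a compiled AutoIt script with keystroke-simulation and clipboard functionality, starts both installed browsers with the Google account password-challenge URL on the command line. The Python script below is an added example, not part of the Joe Sandbox report, that rebuilds the spawn tree from rows in this shape and flags any browser that a non-browser parent launched with a URL. The sample rows are constructed from the ones above (long Chromium/Gecko argument lists shortened), and the browser list, the "unknown" root node and the flagging rule are assumptions of this example rather than anything the report states.

```python
"""Rebuild the spawn tree from sandbox 'Process created' rows and flag browsers
that a non-browser parent launched with a URL on the command line.

The rows carry no PIDs, so processes are keyed by image basename; that is
enough to see which image started the browsers and with what argument.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

LOGIN_URL = ("https://accounts.google.com/ServiceLogin?service=accountsettings"
             "&continue=https://accounts.google.com/v3/signin/challenge/pwd")
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
DROPPER = r"C:\Users\user\Desktop\file.exe"

# Constructed sample rows in the shape of this report's evidence lines
# ("Source: <parent>Process created: <child image> <command line>").
SAMPLE_ROWS = [
    f'Source: unknownProcess created: {DROPPER} "{DROPPER}"',
    f'Source: {DROPPER}Process created: {EDGE} "{EDGE}" {LOGIN_URL}',
    f'Source: {DROPPER}Process created: {FIREFOX} "{FIREFOX}" {LOGIN_URL}',
    f'Source: {EDGE}Process created: {EDGE} "{EDGE}" --type=utility '
    f'--utility-sub-type=network.mojom.NetworkService --lang=en-GB /prefetch:3',
    f'Source: {FIREFOX}Process created: {FIREFOX} "{FIREFOX}" -contentproc '
    f'--channel=2352 -win32kLockedDown socket',
    f'Source: {EDGE}Process created: unknown unknown',
]

# Accepts both the fused form ("file.exeProcess created:") and a " | " separated one.
ROW_RE = re.compile(r"Source:\s*(?P<parent>.*?)\s*\|?\s*Process created:\s*(?P<child>.*?)\s*$")
# The child image ends at the first ".exe"; "unknown unknown" is a child the sandbox did not resolve.
IMAGE_RE = re.compile(r"^(?P<image>unknown|.*?\.exe)\s*(?P<cmdline>.*)$", re.IGNORECASE)
URL_RE = re.compile(r"""https?://[^\s"']+""")
BROWSERS = {"msedge.exe", "firefox.exe", "chrome.exe"}  # assumption of this example


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_row(row: str):
    """Return {'parent', 'image', 'cmdline'} for a 'Process created' row, else None."""
    m = ROW_RE.search(row)
    if not m:
        return None
    im = IMAGE_RE.match(m.group("child"))
    if not im:
        return None
    return {"parent": m.group("parent"), "image": im.group("image"),
            "cmdline": im.group("cmdline")}


def spawn_tree(rows):
    """Map parent basename -> [(child basename, child command line), ...]."""
    children = defaultdict(list)
    for row in rows:
        p = parse_row(row)
        if p is not None:
            children[basename(p["parent"])].append((basename(p["image"]), p["cmdline"]))
    return dict(children)


def render(children, node="unknown", depth=0, out=None, path=()):
    """Indented listing of the tree. Nodes already on the current path (and a
    child with the parent's own name, as browser helpers have) are not re-entered."""
    out = [] if out is None else out
    for child, cmd in children.get(node, []):
        out.append("  " * depth + f"{child}  {cmd[:70]}")
        if child != node and child not in path:
            render(children, child, depth + 1, out, path + (node,))
    return out


def suspicious_launches(rows):
    """(parent, browser, URL host) for browsers a non-browser started with a URL argument."""
    findings = []
    for row in rows:
        p = parse_row(row)
        if p is None:
            continue
        parent, child = basename(p["parent"]), basename(p["image"])
        if child in BROWSERS and parent not in BROWSERS:
            for url in URL_RE.findall(p["cmdline"]):
                findings.append((parent, child, urlparse(url).netloc))
    return findings


if __name__ == "__main__":
    print("\n".join(render(spawn_tree(SAMPLE_ROWS))))
    for parent, browser, host in suspicious_launches(SAMPLE_ROWS):
        print(f"FLAG: {parent} started {browser} pointed at {host}")
```

Run against the rows above, the flag fires twice, once for msedge.exe and once for firefox.exe, both with parent file.exe and host accounts.google.com; the browsers' own helper processes (network service, content process) are not flagged because their parent is a browser.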
Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV | source: firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb | source: firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: gmpopenh264.dll.tmp.6.dr | Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A50A76 push ecx; ret 0_2_00A50A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AC1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX (3 identical rows)

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep | graph_0-96732
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000014489627077 rdtsc
Source: C:\Users\user\Desktop\file.exe | API coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A9DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A6C2A2 FindFirstFileExW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA68EE FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A9D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A9D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AA5C97 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: Web Data.8.dr | Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: discord.comVMware20,11696494690f
Source: Web Data.8.dr | Binary or memory string: AMC password management pageVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Web Data.8.dr | Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: firefox.exe, 0000000A.00000002.2675867850.000001CE14A10000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW4
Source: Web Data.8.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Web Data.8.dr | Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: firefox.exe, 0000000A.00000002.2675867850.000001CE14A10000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllf
Source: firefox.exe, 0000000A.00000002.2669999343.000001CE1454A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2669077729.0000014488E0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2675002798.0000014489810000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000A.00000002.2675130176.000001CE14914000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: Web Data.8.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Web Data.8.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Web Data.8.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Web Data.8.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: firefox.exe, 0000000A.00000002.2675867850.000001CE14A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2675002798.0000014489810000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Web Data.8.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: Web Data.8.dr | Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Web Data.8.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: firefox.exe, 00000012.00000002.2675002798.0000014489810000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Web Data.8.dr | Binary or memory string: global block list test formVMware20,11696494690
Source: firefox.exe, 0000000A.00000002.2675867850.000001CE14A10000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: Web Data.8.dr | Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Web Data.8.dr | Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Web Data.8.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Web Data.8.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Web Data.8.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Web Data.8.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000014489627077 rdtsc
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AAEAA2 BlockInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A62622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A54CE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A90B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A62622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A5083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A509D5 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A50C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A91201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A72BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00A72BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A9B226 SendInput,keybd_event,0_2_00A9B226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AB22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00AB22DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A90B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00A90B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A91663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00A91663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A50698 cpuid 0_2_00A50698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AA8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00AA8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A8D27A GetUserNameW,0_2_00A8D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00A6B952
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A342DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AB1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00AB1204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AB1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00AB1806
MITRE ATT&CK matrix (the number in parentheses is the count the report shows next to a technique):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts (2) | Native API (1) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Disable or Modify Tools (1) | Input Capture (21) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (2) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Scheduled Task/Job | Valid Accounts (2) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Input Capture (21) | Encrypted Channel (11) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Extra Window Memory Injection (1) | Obfuscated Files or Information (2) | Security Account Manager | File and Directory Discovery (2) | SMB/Windows Admin Shares | Clipboard Data (3) | Non-Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Valid Accounts (2) | DLL Side-Loading (1) | NTDS | System Information Discovery (15) | Distributed Component Object Model | Input Capture | Application Layer Protocol (4) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Access Token Manipulation (21) | Extra Window Memory Injection (1) | LSA Secrets | Security Software Discovery (131) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | Process Injection (12) | Masquerading (1) | Cached Domain Credentials | Virtualization/Sandbox Evasion (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Valid Accounts (2) | DCSync | Process Discovery (3) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion (1) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Access Token Manipulation (21) | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Process Injection (12) | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 1505467 | Sample: file.exe | Startdate: 06/09/2024 | Architecture: WINDOWS | Score: 64

  • Start (node 2): DNS/IP: telemetry-incoming.r53-2.services.mozilla.com; sni1gl.wpc.nucdn.net; 13 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Binary is likely a compiled AutoIt script file; Machine Learning detection for sample; AI detected suspicious sample. Started: file.exe 1 (node 8); msedge.exe 151 408 (node 11); firefox.exe 1 (node 14).
  • file.exe (node 8): Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection. Started: msedge.exe 11 (node 16); firefox.exe 1 (node 18).
  • msedge.exe (node 11): DNS/IP: 192.168.2.8, 138, 443, 49703 unknown unknown; 192.168.2.9 unknown unknown; 239.255.255.250 unknown Reserved. Started: msedge.exe (node 20); msedge.exe (node 23); msedge.exe (node 25); 4 other processes.
  • firefox.exe (node 14): Started: firefox.exe 3 95 (node 27).
  • msedge.exe (node 16): Started: msedge.exe (node 32).
  • msedge.exe (node 20): DNS/IP: 13.107.246.40, 443, 49757, 49758 MICROSOFT-CORP-MSN-AS-BLOCKUS United States; s-part-0029.t-0009.t-msedge.net 13.107.246.57, 443, 49751, 49752 MICROSOFT-CORP-MSN-AS-BLOCKUS United States; 18 other IPs or domains.
  • firefox.exe (node 27): DNS/IP: services.addons.mozilla.org 18.65.39.31, 443, 49784 MIT-GATEWAYSUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49754, 49756, 49786 GOOGLEUS United States; 5 other IPs or domains. Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+); C:\Users\user\...\gmpopenh264.dll (copy) (PE32+). Started: firefox.exe (node 34); firefox.exe (node 36).

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 28% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
example.org | 0% | Virustotal | | Browse
chrome.cloudflare-dns.com | 0% | Virustotal | | Browse
prod.classify-client.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
prod.balrog.prod.cloudops.mozgcp.net | 0% | Virustotal | | Browse
prod.detectportal.prod.cloudops.mozgcp.net | 0% | Virustotal | | Browse
services.addons.mozilla.org | 0% | Virustotal | | Browse
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 0% | Virustotal | | Browse
detectportal.firefox.com | 0% | Virustotal | | Browse
clients2.googleusercontent.com | 0% | Virustotal | | Browse
firefox.settings.services.mozilla.com | 0% | Virustotal | | Browse
prod.remote-settings.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
googlehosted.l.googleusercontent.com | 0% | Virustotal | | Browse
bzib.nelreports.net | 0% | Virustotal | | Browse
ipv4only.arpa | 0% | Virustotal | | Browse
sni1gl.wpc.nucdn.net | 0% | Virustotal | | Browse
telemetry-incoming.r53-2.services.mozilla.com | 0% | Virustotal | | Browse
s-part-0029.t-0009.t-msedge.net | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
https://services.addons.mozilla.org | 0% | URL Reputation | safe |
https://csp.withgoogle.com/csp/report-to/apps-themes | 0% | URL Reputation | safe |
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge | 0% | URL Reputation | safe |
https://i.y.qq.com/n2/m/index.html | 0% | URL Reputation | safe |
https://www.deezer.com/ | 0% | URL Reputation | safe |
https://excel.new?from=EdgeM365Shoreline | 0% | URL Reputation | safe |
https://bzib.nelreports.net/api/report?cat=bingbusiness | 0% | URL Reputation | safe |
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg | 0% | URL Reputation | safe |
https://outlook.live.com/mail/0/ | 0% | URL Reputation | safe |
https://duckduckgo.com/chrome_newtab | 0% | Avira URL Cloud | safe |
https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4 | 0% | Avira URL Cloud | safe |
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | 0% | Avira URL Cloud | safe |
https://www.tsn.ca | 0% | URL Reputation | safe |
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | 0% | Avira URL Cloud | safe |
https://duckduckgo.com/ac/?q= | 0% | Avira URL Cloud | safe |
https://tidal.com/ | 0% | URL Reputation | safe |
https://gaana.com/ | 0% | URL Reputation | safe |
https://csp.withgoogle.com/csp/report-to/AccountsSignInUi | 0% | URL Reputation | safe |
https://outlook.live.com/mail/compose?isExtension=true | 0% | URL Reputation | safe |
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | 0% | Avira URL Cloud | safe |
http://detectportal.firefox.com/ | 0% | Avira URL Cloud | safe |
https://merino.services.mozilla.com/api/v1/suggest | 0% | Avira URL Cloud | safe |
http://www.mozilla.com0 | 0% | Avira URL Cloud | safe |
https://deff.nelreports.net/api/report?cat=msn | 0% | Avira URL Cloud | safe |
http://www.fontbureau.com/designers | 0% | Avira URL Cloud | safe |
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | 0% | Avira URL Cloud | safe |
https://spocs.getpocket.com/spocs | 0% | Avira URL Cloud | safe |
https://docs.google.com/ | 0% | Avira URL Cloud | safe |
https://screenshots.firefox.com | 0% | Avira URL Cloud | safe |
https://www.youtube.com | 0% | Avira URL Cloud | safe |
https://completion.amazon.com/search/complete?q= | 0% | Avira URL Cloud | safe |
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | 0% | Avira URL Cloud | safe |
https://www.instagram.com | 0% | Avira URL Cloud | safe |
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | 0% | Avira URL Cloud | safe |
https://monitor.firefox.com/breach-details/ | 0% | Avira URL Cloud | safe |
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | 0% | Avira URL Cloud | safe |
https://www.amazon.com/exec/obidos/external-search/ | 0% | Avira URL Cloud | safe |
https://profiler.firefox.com/ | 0% | Avira URL Cloud | safe |
https://www.msn.com | 0% | Avira URL Cloud | safe |
https://outlook.office.com/mail/compose?isExtension=true | 0% | Avira URL Cloud | safe |
https://github.com/mozilla-services/screenshots | 0% | Avira URL Cloud | safe |
https://services.addons.mozilla.org/api/v4/addons/addon/ | 0% | Avira URL Cloud | safe |
http://www.zhongyicts.com.cn | 0% | Avira URL Cloud | safe |
https://tracking-protection-issues.herokuapp.com/new | 0% | Avira URL Cloud | safe |
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | 0% | Avira URL Cloud | safe |
https://web.telegram.org/ | 0% | Avira URL Cloud | safe |
https://accounts.youtube.com/ | 0% | Avira URL Cloud | safe |
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | 0% | Avira URL Cloud | safe |
https://drive-daily-2.corp.google.com/ | 0% | Avira URL Cloud | safe |
https://api.accounts.firefox.com/v1 | 0% | Avira URL Cloud | safe |
https://fpn.firefox.com | 0% | Avira URL Cloud | safe |
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | 0% | Avira URL Cloud | safe |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | Avira URL Cloud | safe |
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | 0% | Avira URL Cloud | safe |
http://exslt.org/dates-and-times | 0% | Avira URL Cloud | safe |
http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe |
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993. | 0% | Avira URL Cloud | safe |
https://drive-daily-1.corp.google.com/ | 0% | Avira URL Cloud | safe |
https://www.youtube.com/ | 0% | Avira URL Cloud | safe |
https://www.google.com/favicon.ico | 0% | Avira URL Cloud | safe |
https://drive-daily-5.corp.google.com/ | 0% | Avira URL Cloud | safe |
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | 0% | Avira URL Cloud | safe |
http://www.carterandcone.coml | 0% | Avira URL Cloud | safe |
http://127.0.0.1: | 0% | Avira URL Cloud | safe |
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang= | 0% | Avira URL Cloud | safe |
https://bugzilla.mo | 0% | Avira URL Cloud | safe |
https://mitmdetection.services.mozilla.com/ | 0% | Avira URL Cloud | safe |
https://amazon.com | 0% | Avira URL Cloud | safe |
https://chromewebstore.google.com/ | 0% | Avira URL Cloud | safe |
https://drive-preprod.corp.google.com/ | 0% | Avira URL Cloud | safe |
https://chrome.google.com/webstore/ | 0% | Avira URL Cloud | safe |
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE% | 0% | Avira URL Cloud | safe |
https://spocs.getpocket.com/ | 0% | Avira URL Cloud | safe |
https://services.addons.mozilla.org/api/v4/abuse/report/addon/ | 0% | Avira URL Cloud | safe |
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f | 0% | Avira URL Cloud | safe |
https://bard.google.com/ | 0% | Avira URL Cloud | safe |
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | 0% | Avira URL Cloud | safe |
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r | 0% | Avira URL Cloud | safe |
https://monitor.firefox.com/user/breach-stats?includeResolved=true | 0% | Avira URL Cloud | safe |
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report | 0% | Avira URL Cloud | safe |
https://merino.services.mozilla.com/api/v1/suggestabout | 0% | Avira URL Cloud | safe |
https://www.office.com | 0% | Avira URL Cloud | safe |
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons- | 0% | Avira URL Cloud | safe |
https://safebrowsing.google.com/safebrowsing/diagnostic?site= | 0% | Avira URL Cloud | safe |
http://www.inbox.lv/rfc2368/?value=%su | 0% | Avira URL Cloud | safe |
https://monitor.firefox.com/user/dashboard | 0% | Avira URL Cloud | safe |
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID | 0% | Avira URL Cloud | safe |
https://monitor.firefox.com/about | 0% | Avira URL Cloud | safe |
http://mozilla.org/MPL/2.0/. | 0% | Avira URL Cloud | safe |
https://account.bellmedia.c | 0% | Avira URL Cloud | safe |
https://login.microsoftonline.com | 0% | Avira URL Cloud | safe |
https://coverage.mozilla.org | 0% | Avira URL Cloud | safe |
http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | Avira URL Cloud | safe |
https://www.zhihu.com/ | 0% | Avira URL Cloud | safe |
http://x1.c.lencr.org/0 | 0% | Avira URL Cloud | safe |
http://x1.i.lencr.org/0 | 0% | Avira URL Cloud | safe |
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true | 0% | Avira URL Cloud | safe |
https://blocked.cdn.mozilla.net/ | 0% | Avira URL Cloud | safe |
https://profiler.firefox.com | 0% | Avira URL Cloud | safe |
https://outlook.live.com/default.aspx?rru=compose&to=%s | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | | unknown
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | unknown
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | unknown
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | unknown
services.addons.mozilla.org | 18.65.39.31 | true | false | | unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | unknown
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | unknown
sni1gl.wpc.nucdn.net | 152.199.21.175 | true | false | | unknown
s-part-0029.t-0009.t-msedge.net | 13.107.246.57 | true | false | | unknown
ipv4only.arpa | 192.0.0.170 | true | false | | unknown
googlehosted.l.googleusercontent.com | 216.58.206.33 | true | false | | unknown
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | unknown
detectportal.firefox.com | unknown | unknown | false | | unknown
clients2.googleusercontent.com | unknown | unknown | false | | unknown
bzib.nelreports.net | unknown | unknown | false | | unknown
firefox.settings.services.mozilla.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | Web Data.8.dr | false | Avira URL Cloud: safe | unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/ac/?q= | Web Data.8.dr | false | Avira URL Cloud: safe | unknown
https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4 | firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://detectportal.firefox.com/ | firefox.exe, 00000006.00000003.1577692699.00000227694A9000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://services.addons.mozilla.org | firefox.exe, 00000006.00000003.1789245579.0000022761BEB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.mozilla.com0 | firefox.exe, 00000006.00000003.1819700324.0000022761BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr | false | Avira URL Cloud: safe | unknown
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000012.00000002.2670269468.0000014489192000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://csp.withgoogle.com/csp/report-to/apps-themes | Reporting and NEL.9.dr | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | firefox.exe, 00000006.00000003.2174054361.0000022761A47000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2185760044.000002276729F000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://deff.nelreports.net/api/report?cat=msn | Reporting and NEL.9.dr | false | Avira URL Cloud: safe | unknown
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://spocs.getpocket.com/spocs | firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://docs.google.com/ | manifest.json.8.dr | false | Avira URL Cloud: safe | unknown
https://screenshots.firefox.com | firefox.exe, 00000006.00000003.2125933648.0000022763AA3000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.youtube.com | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | Avira URL Cloud: safe | unknown
https://completion.amazon.com/search/complete?q= | firefox.exe, 00000006.00000003.1478429365.0000022765616000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1474957647.0000022765400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481921953.000002276567B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1480284018.000002276563E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481529818.0000022765667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1479829450.000002276562A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481369900.0000022765653000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.instagram.com | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | Avira URL Cloud: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://monitor.firefox.com/breach-details/ | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 00000006.00000003.1478429365.0000022765616000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1474957647.0000022765400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481921953.000002276567B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1480284018.000002276563E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481529818.0000022765667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1479829450.000002276562A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1525357991.0000022765DD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481369900.0000022765653000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://profiler.firefox.com/ | firefox.exe, 00000006.00000003.2125995114.0000022763A62000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.msn.com | firefox.exe, 00000006.00000003.2039769893.0000262102D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628474009.0000022762C88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591140946.0000022762C88000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | URL Reputation: safe | unknown
https://outlook.office.com/mail/compose?isExtension=true | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | Avira URL Cloud: safe | unknown
https://github.com/mozilla-services/screenshots | firefox.exe, 00000006.00000003.1478429365.0000022765616000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1474957647.0000022765400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1480284018.000002276563E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481529818.0000022765667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1479829450.000002276562A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1481369900.0000022765653000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.zhongyicts.com.cn | firefox.exe, 00000006.00000003.2185760044.000002276729F000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://i.y.qq.com/n2/m/index.html | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | URL Reputation: safe | unknown
https://www.deezer.com/ | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | URL Reputation: safe | unknown
https://web.telegram.org/ | 40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.dr | false | Avira URL Cloud: safe | unknown
https://accounts.youtube.com/ | 000003.log.8.dr | false | Avira URL Cloud: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api.accounts.firefox.com/v1 | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://drive-daily-2.corp.google.com/ | manifest.json.8.dr | false | Avira URL Cloud: safe | unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmp | false
  • Avira URL Cloud: safe
unknown
https://fpn.firefox.comfirefox.exe, 00000006.00000003.2125933648.0000022763AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2107134493.0000022761B87000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.8.drfalse
  • Avira URL Cloud: safe
unknown
http://exslt.org/dates-and-timesfirefox.exe, 00000006.00000003.1629582113.0000022761181000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591334837.0000022762C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814825826.0000022762C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1629162929.00000227611B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2672078954.000001CE148C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2670269468.00000144891CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
  • Avira URL Cloud: safe
unknown
https://drive-daily-1.corp.google.com/manifest.json.8.drfalse
  • Avira URL Cloud: safe
unknown
https://excel.new?from=EdgeM365Shoreline40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://www.youtube.com/firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://drive-daily-5.corp.google.com/manifest.json.8.drfalse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.carterandcone.comlfirefox.exe, 00000006.00000003.2185760044.0000022767422000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://127.0.0.1:firefox.exe, 00000006.00000003.1813760723.000002276549B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mofirefox.exe, 00000006.00000003.1590540028.0000022762C96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628008751.0000022762C97000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://mitmdetection.services.mozilla.com/firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://amazon.comfirefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://chromewebstore.google.com/manifest.json0.8.drfalse
  • Avira URL Cloud: safe
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591334837.0000022762C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814825826.0000022762C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1629162929.00000227611B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1789125916.0000022762C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2672078954.000001CE148C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2670269468.00000144891CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
  • URL Reputation: safe
unknown
https://drive-preprod.corp.google.com/manifest.json.8.drfalse
  • Avira URL Cloud: safe
unknown
https://chrome.google.com/webstore/manifest.json0.8.drfalse
  • Avira URL Cloud: safe
unknown
https://spocs.getpocket.com/firefox.exe, 00000006.00000003.1814478156.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1591303021.0000022762C68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1788967769.0000022762C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1628570001.0000022762C68000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bard.google.com/40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://merino.services.mozilla.com/api/v1/suggestaboutfirefox.exe, 0000000A.00000002.2672078954.000001CE14872000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.office.com40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/0/40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000006.00000003.1813869399.0000022763ADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814825826.0000022762C24000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627683979.0000022763A8D000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.tsn.cafirefox.exe, 00000006.00000003.2039769893.0000262102D80000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://tidal.com/40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/aboutfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mozilla.org/MPL/2.0/.firefox.exe, 00000006.00000003.1569944583.00000227651F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1786255784.0000022765AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1495140259.0000022765AE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579720973.0000022768E22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1890301448.0000022765B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1609724047.0000022A0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2106502884.0000022765B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1572580099.000002276683A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1495140259.0000022765ABB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1492949124.0000022765AF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1811199665.0000022765B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1586911640.000002276544F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579486506.0000022768E34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1580467703.000002276833F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1584091393.0000022765AF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1624996487.000002276683A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579887718.00000227683FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1579887718.00000227683EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1493442226.000002276683A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000006.00000003.1493509353.0000022765AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2100483699.000002276535B000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000006.00000003.1579980812.00000227683BE000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://gaana.com/40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000006.00000003.1579980812.00000227683BE000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000006.00000003.1819700324.0000022761BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813182919.0000022765D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1821664053.0000022766C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drfalse
  • Avira URL Cloud: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
https://www.zhihu.com/firefox.exe, 00000006.00000003.1587506098.00000227653C0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://x1.c.lencr.org/0firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://x1.i.lencr.org/0firefox.exe, 00000006.00000003.1523400561.00000227663F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1818763082.00000227663F7000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/compose?isExtension=true40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • URL Reputation: safe
unknown
https://blocked.cdn.mozilla.net/firefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true40f0f022-5821-47fe-87c3-832883ecf0b7.tmp.8.drfalse
  • Avira URL Cloud: safe
unknown
https://profiler.firefox.comfirefox.exe, 0000000A.00000002.2671369423.000001CE146C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2673383401.0000014489200000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000006.00000003.1590146400.0000022763A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1814112521.0000022763A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1627629021.0000022763A9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1573820306.0000022764E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1487850537.0000022764E33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1485019079.0000022764E33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1486590344.0000022764E1F000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.80.68 | unknown | United States | 15169 | GOOGLEUS | false
13.107.246.40 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
152.195.19.97 | unknown | United States | 15133 | EDGECASTUS | false
172.253.63.84 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.33 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
172.253.122.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.81.238 | unknown | United States | 15169 | GOOGLEUS | false
23.219.161.132 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
23.57.90.143 | unknown | United States | 35994 | AKAMAI-ASUS | false
13.107.246.57 | s-part-0029.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
94.245.104.56 | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
18.65.39.31 | services.addons.mozilla.org | United States | 3 | MIT-GATEWAYSUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
142.250.80.78 | unknown | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
IP
192.168.2.8
192.168.2.9
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1505467
Start date and time: 2024-09-06 09:57:26 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal64.evad.winEXE@71/277@30/24
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 34
  • Number of non-executed functions: 315
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 74.125.133.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.186.142, 13.107.6.158, 2.19.126.145, 2.19.126.152, 216.58.206.67, 2.23.209.147, 2.23.209.156, 2.23.209.158, 2.23.209.157, 2.23.209.166, 2.23.209.154, 2.23.209.160, 2.23.209.163, 2.23.209.162, 172.217.16.195, 20.31.169.57, 192.229.221.95, 2.22.61.59, 2.22.61.56, 172.217.16.142, 142.250.186.110, 142.250.176.195, 142.251.32.99, 142.251.40.195
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, api.edgeoffer.microsoft.com, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-ww
  • Not all processes were analyzed; the report is missing behavior information.
  • Report size exceeded maximum capacity and may be missing behavior information.
  • Report size exceeded maximum capacity and may be missing disassembly code.
  • Report size getting too big: too many NtAllocateVirtualMemory calls found.
  • Report size getting too big: too many NtOpenFile calls found.
  • Report size getting too big: too many NtOpenKeyEx calls found.
  • Report size getting too big: too many NtProtectVirtualMemory calls found.
  • Report size getting too big: too many NtQueryValueKey calls found.
  • Report size getting too big: too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
                      • 94.245.104.56
                      All-in-one Calculation Tool.xlsmGet hashmaliciousUnknownBrowse
                      • 52.111.243.31
                      All-in-one Calculation Tool.xlsmGet hashmaliciousUnknownBrowse
                      • 13.107.246.57
                      file.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.57
                      file.exeGet hashmaliciousUnknownBrowse
                      • 94.245.104.56
                      file.exeGet hashmaliciousUnknownBrowse
                      • 20.75.60.91
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6439
                                                              Entropy (8bit):5.141792277907768
                                                              Encrypted:false
                                                              SSDEEP:192:AJ99wMX4d4p4qcbhbVbTbfbRbObtbyEznDnSrDtTZdB:29bIS2qcNhnzFSJtnSrDhZdB
                                                              MD5:2611E617850BEB4860FA96A1423030BA
                                                              SHA1:567841D37330074DBEEC2B6362F6858D787CD7A9
                                                              SHA-256:AC24F5CDD40979CAA8085700BF0BE0D5287E2224EB22432A9E34026F8451E7EE
                                                              SHA-512:782A90E3DE6220B3A50501198554391AC76673DEDA2E2CB029621518526A8799D31AF2BEA3B27C77E752DE107C5CCD38C053AF4B7117A5A3395D3EB04F8A7885
                                                              Malicious:false
                                                              Preview:{"type":"uninstall","id":"5e8eaf30-99cf-461b-92a7-987b6fa67eb3","creationDate":"2024-09-06T09:57:01.134Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):45904
                                                              Entropy (8bit):6.087683948503008
                                                              Encrypted:false
                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4nXn9LmZCnyHXSsPtedFabwzlrC1oowWE7RTupzKscDX/q:mMGQ5XMBGXeG1IoooRTuiC
                                                              MD5:3181BCD94A4719B822AE8529FA515D59
                                                              SHA1:F03028CD33A8D71D56D489C207BB3E1EE0676C3C
                                                              SHA-256:DBBD97A4D0CFA5ADBED9907CD9EB32937CE5517E893AEA1B865A8DDF221EE300
                                                              SHA-512:7C17952E373C517A16E560B89F1F0EDC8F3494171484CD1436E5695B649053FED84306A7D3C97279820B90BAFD683EC0AF6C2996D004716DCDBF6C218CC84ECD
                                                              Malicious:false
                                                               Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                               Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44625
                                                              Entropy (8bit):6.0956869622596335
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kpkLmZCnyJRSK7TFbKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yntKoRTuiVIos
                                                              MD5:FFFBCEC4ED621CFEBC03C39CEEA0397B
                                                              SHA1:CEACA1849401B171FD41452679AA3C4FE5A98488
                                                              SHA-256:B8EA5C61C30000A8204A14F756091D95A694DD19CD88F52BF2F97D1FED01B4A2
                                                              SHA-512:636070CB1567D0B444FB54B728DEEB76DE5171576F7C1B0696CB2DFCC122D93E085C9148C83578D08EED529D67353A0338E5F4EB9118BF67823779412EB6E3EA
                                                              Malicious:false
                                                               Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44681
                                                              Entropy (8bit):6.095978391958959
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xMkLmZCnyHXSsPtedFaKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yO0KoRTuiVIos
                                                              MD5:837861E531EDE4A8DD63194E2D779F54
                                                              SHA1:E0257DC1BFDCFBC6297BC57A9C5727DA1DAA34E4
                                                              SHA-256:EA14AE511469AF79CC88FC9CC523B6FE4E2A000DED1A2FD1006AC751579B1F2F
                                                              SHA-512:9BC298ED084537845A5ED50BB1B348F7C1BD5A3FAB6641D4604B3A8EC8470C3BE7C0E33BE3188B9AFC94E316CDFE431D7587EDB3B1EA000BB832E08E81EF76BF
                                                              Malicious:false
                                                               Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):45981
                                                              Entropy (8bit):6.087570742037788
                                                              Encrypted:false
                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4jKn9LmZCnyCXSsPtedFabwzlrC1oowWE7RTupzKscDX/q:mMGQ5XMB0KDG1IoooRTuiC
                                                              MD5:A4D0E0E605B962CC4210758741612AAE
                                                              SHA1:EBE94950EC6D04A37BEB64F3AD33419CE529219F
                                                              SHA-256:BFD07F8B84C8A4DE1E3672756A28B7779A284F045D45E3C3EF49DC19BCCD34EB
                                                              SHA-512:879EECE5F3BA3231C3EB23ED5AE7F9A3EAA29FAC417292E7388340807085EDC74F75EEB46994CF28A01DC3CFD337AE0DF9FA93EB63DE6861FAE3C528938E57CE
                                                              Malicious:false
                                                               Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640149995732079
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                              Malicious:false
                                                              Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:false
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.047647548579715614
Encrypted:false
SSDEEP:192:QC/O10pqtm1nOAQ5YPJPi6VBK/7+G1gsXqIIW5EvjBAIhu5NYf+RQ9abUwf1n8ys:QwO10ctWl8qgOhuMmcwt08T2RGOD
MD5:6F7D88B9E55FF1D193EB84990687768F
SHA1:3F43E461AB0275E8E21DB480528E472EC134A58C
SHA-256:85067DFAB9361DCD4D277D2D98DA91505A25DA61B932C13F98BDEB7A62DC3A0B
SHA-512:95B60679E1EA660E7D0D7C9C4F2FE71989299F9B384841D961ADF71C443E7BF3743E43E9468FA1359385C413E1C3D068045FD55955C3C4E0162585647D253937
Malicious:false
Preview:...@..@...@.....C.].....@............... k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".ooyufe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............!......................w..U.>.........."....."...24.."."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...V.-../Q@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........V...... .2............... .2.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.4900839546750805
Encrypted:false
SSDEEP:6144:Cs9+lKrXhFn0aHBNcePq6eqnLNgQaHqhE1:bFn38e5A
MD5:9489AEADB126386F4BFBC0354D7BD5EF
SHA1:D625E9CFD87DE434FCB2E2FB6016D208549777AC
SHA-256:AF4E8A49EBC65D12C7AA713CBA8F16505759C124D470E1F73FDA4CB83B837499
SHA-512:A69FB1C3FF6AA8E64D3BD0E6A7F0620EE989F0406E5DBC4F41ADC97538A95FF11EA6F91EE4FD3C6EB3DC3306A4F7AA364250CD50B96311ED331E61AE677D4F2D
Malicious:false
Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".ooyufe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............!......................w..U?:K..>.........."....."...24.."."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...V.-../Q@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........m...... .2...............

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):280
Entropy (8bit):4.195531555605597
Encrypted:false
SSDEEP:3:FiWWltlMpKoKuNoDZbkDURSHxig5ABVP/Sh/JzvNKIUBUhX9USWXQPWllt:o1GVKCoD4Hxi2ABVsJDZYeulX+W/
MD5:B43C738AB1422F16D60B4C4B49CC7DF2
SHA1:98C07F5F5E4F25C2BC0B2B5E6A3A2245F7D18215
SHA-256:C28208A8D5052C44515333D67BE35E9900BB0C1E68DECF8C8CDC8DB67DE51E4C
SHA-512:07A58D40C283CBDB4063D1EF70EBDAFF8E84CB47F530B939FA25195F9652976CB3E439F315A18D732128E60B5F2856DC1CA42E814DE45F2301DC143A0D22798E
Malicious:false
Preview:sdPC.........................TJ.[Y....."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................ecadf109-1d88-4bd2-8ebf-85346832b43e............

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40470
Entropy (8bit):5.560971087470068
Encrypted:false
SSDEEP:768:55UAeK7pLGLv3VWPSsfjp8F1+UoAYDCx9Tuqh0VfUC9xbog/OVtGYf8OirwLjG42:55UAeicv3VWPSsfjpu1jaoGYEOHLjLbq
MD5:DC5FEB79CF24F68E063FE535B9480223
SHA1:41ECC74A9EEFBC95FD45A9F88C446106F1D60680
SHA-256:B594056925434857B233245FEEC69432EC9EA80D7E7FADCEF35B90F46C754A9E
SHA-512:B97159E42ACF5C40BF659E72E48E289BEF3B25BB39CD95271C96BA974CC3D36824659024725305CC110FFDF5CECEBEC6FD49E288A4962F335210AA5EA8C9E6FE
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370083103747481","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370083103747481","location":5,"ma

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):35272
Entropy (8bit):5.556657014827204
Encrypted:false
SSDEEP:768:55UAeVWPSsf4p8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNf8OirwLjW4ElqKp7tugr/:55UAeVWPSsf4pu1jakEOHLjbEUOthL
MD5:3D7F5768A1C5891E2C7072FBD14EE3A2
SHA1:2A5E169C945ACE0DE1A3E4237D0721EEC41877DE
SHA-256:8DCF7B9B55F0458882CAFA92CD613FE2315D19B713EB11FF9F5D700E48899CD6
SHA-512:4DB361B3D96E257405DCD847B9042DCC55305710DB0E6E4F6241365177F30A42A2DB99D5CA1EECCAB821B3C5373AC0CC825ED4B32CBA2FACD9A27DF7502BF272
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370083103747481","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370083103747481","location":5,"ma

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (1597), with CRLF line terminators
Category:dropped
Size (bytes):115717
Entropy (8bit):5.183660917461099
Encrypted:false
SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:3D8183370B5E2A9D11D43EBEF474B305
SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):13123
Entropy (8bit):5.277686265617686
Encrypted:false
SSDEEP:192:stDJ99QTryDiuabatSuyEsfm+ZIa34OTOgNoIkv3J86bV+FD4QA4nf7NITPXYJ:stDPGQSuvsfZZXb6jbGUQxnf7NIY
MD5:49F76E9EF8BD523D5BA635EFDA21A150
SHA1:2886A61C32D1DC021143B7EC45DD9A7AB202E76D
SHA-256:89A1BDC2C56290367D07EA15BB2DDAB1940D8A822FFCB62BEC5672792DA42D6E
SHA-512:0C054781F17C4C926B6939CEEF15F329CE03420B31FEF9D9C9D435EA5CADC837CF550B320FF9FCCD886340CB6DB233283C791AE492B1FAF95E6988D62E2AC47D
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):12288
Entropy (8bit):5.202302598162962
Encrypted:false
SSDEEP:192:stDJ99QTryDigabatSuyEsfm+ZIa34Hkf3J86bV+FD4QA4Vq7NITPXYJ:stDPGKSuvsfZZXBbGUQxY7NIY
MD5:63DEB92D12A280ADA1950E471D900E03
SHA1:EDBA0E84C18B40EC64C5057D2CCDD2D99EB36FFC
SHA-256:8B667176F7BF54ECC5F8AB6A00FA7C1B119F77DE519237CA7E839857F50E81C0
SHA-512:EF8293CA3F9C7C9C20990FFB03FABE79BC0194D650096A76AC20F7B5AEA3CD7785A8AB12FE659021D4207C8FE57F5071FDEF7DAB7FD9589B7B9BEC84DFEBA821
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):33
Entropy (8bit):3.5394429593752084
Encrypted:false
SSDEEP:3:iWstvhYNrkUn:iptAd
MD5:F27314DD366903BBC6141EAE524B0FDE
SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:false
Preview:...m.................DB_VERSION.1

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):309
Entropy (8bit):5.274613625160734
Encrypted:false
SSDEEP:6:Ph21QM1CHhJ23oH+Tcwtp3hBtB2KLllh2Vq2PCHhJ23oH+Tcwtp3hBWsIFUv:Ph2GAYebp3dFLnh2VvBYebp3eFUv
MD5:0B909F164AD8426B3DFB57FDF9F8756C
SHA1:816A34B18620BF4705F46ED77E4F66E774419366
SHA-256:D56A31AAD7CF283E7C315C5FDB2ED48A9CBF9D228881443E51B5D540484A5F7A
SHA-512:C49091C785C67B78F95F4FCADA1CCA5FA7E8A0BDC6002690699C428E3B2B359E5B364E4C77CC1171AF739C869EA79A6BAC8306DAFF119FBAE9C11EC458C92214
Malicious:false
Preview:2024/09/06-03:58:29.091 2064 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/06-03:58:29.166 2064 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):1764710
Entropy (8bit):5.1381041038489945
Encrypted:false
SSDEEP:24576:hKPsfKfgXaHbMhFQlmADAbpENUdifYOBHbc2r:hK0fqJmcx
MD5:A58790CE64696274A70872DA5CD8F715
SHA1:95A77666DA664D574F2BC267EFA160D3A28B11EC
SHA-256:E0504A1347CF47E763793B8CAB9ED9D1D693301689EED26C667D2908825064F4
SHA-512:D767627C51E14938F49959D2C01C2299AC95297711587C5FD362887FEC31F1143D5BEC7DFBBA1514C6BD74640433497EB791274512AD1CB52BEB75EF9388DB61
Malicious:false
Preview:...m.................DB_VERSION.1.Go..................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340967444415546.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.186272166288817
Encrypted:false
SSDEEP:6:Ph2vmQ+q2PCHhJ23oH+Tcwt9Eh1tIFUt82h2jgZmw+2h23trSQVkwOCHhJ23oH+8:Ph2vL+vBYeb9Eh16FUt82h28/+2h2dLj
MD5:C46EAF8C9119DBBD923A28BBCF42D02C
SHA1:76AFB616A135FDBE2CFD213CD4D7114AEF9EEB41
SHA-256:7075671991BECCEFB434B0F4387BB5DD5303AB6532CA394B7AF2F7A4563A2A2C
SHA-512:084F6B74DFB4FAE1D8E68CF94DC351DBE96DDBB92E6699A2151001D802C082CC71FEE61168C042C156D038EF9E7404A23FE48416F4F169524A3A6E2B58F68447
Malicious:false
Preview:2024/09/06-03:58:29.079 21dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-03:58:29.081 21dc Recovering log #3.2024/09/06-03:58:29.114 21dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.186272166288817
Encrypted:false
SSDEEP:6:Ph2vmQ+q2PCHhJ23oH+Tcwt9Eh1tIFUt82h2jgZmw+2h23trSQVkwOCHhJ23oH+8:Ph2vL+vBYeb9Eh16FUt82h28/+2h2dLj
MD5:C46EAF8C9119DBBD923A28BBCF42D02C
SHA1:76AFB616A135FDBE2CFD213CD4D7114AEF9EEB41
SHA-256:7075671991BECCEFB434B0F4387BB5DD5303AB6532CA394B7AF2F7A4563A2A2C
SHA-512:084F6B74DFB4FAE1D8E68CF94DC351DBE96DDBB92E6699A2151001D802C082CC71FEE61168C042C156D038EF9E7404A23FE48416F4F169524A3A6E2B58F68447
Malicious:false
Preview:2024/09/06-03:58:29.079 21dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-03:58:29.081 21dc Recovering log #3.2024/09/06-03:58:29.114 21dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.4648298626578175
                                                              Encrypted:false
                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjq:TouQq3qh7z3bY2LNW9WMcUvBQ
                                                              MD5:F2C1E8E0B2C8C78DAD41AB9EE41441DF
                                                              SHA1:78ADB66CE49936B7F2A27DE07FC985B972FC8831
                                                              SHA-256:D87AB406B0169CB497781A513685A21B4C65F602F283D5AA16BA7948D62AD6CB
                                                              SHA-512:9A3E8ACC6E685B7C1756DDD0E217DEC5A7931232B2A025F1F2E3B3417969C5BDD2DFFD36154160BB33D37EAB01CE31788FF640C6ABB3EF870BD41ADDE921020D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):10240
                                                              Entropy (8bit):0.8708334089814068
                                                              Encrypted:false
                                                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):636554
                                                              Entropy (8bit):6.0127694795093625
                                                              Encrypted:false
                                                              SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                                              MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                                              SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                                              SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                                              SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"+o3+RncW1oGSCAJdFuTFqUW6YaGaAbCC0mXuZLc6TAdWf+a3VWHilOI7HUSutZN7jjBKd4Xi34zSVDgDggvk4iE7SFOUe0to/ca2Z9NKMxb3353s+Xz5MJEyQlwFGH9Q4NPsSG7/Mg0OzIizAAoQKAb68INGxcqMD8b8cjATmbZA8J3gaDgCBh+FwkLSt7ItZOvFiz1UWGdFoGeWLVoid0mXBF1tVxiUsnfZrTOYUq+ybxegQgLR7oDn/09U0naczNrckPPeVov9TOq080La20glc39nrbTQ161ERvbKrN6QBMsgiTOHVfZfSTGNbPb7sPb+5dDTy5Pj4SDC6TCZj8jX3zHAoaELBAojh3rXGAdRcmlzljl/F2zoyuFBIUzr1kW7W1ersVw2uiPbjdETQ6f6PzQr5AIUQSnGkCAK4eY8TDM6HLdxH8VjohD4l8UWF3Y9XOks322TYQmhq7J/I5qw0+ibgaYj2D0vvNSxCuIJMAcBjJAiV3jSfyJZCI7hs3VWZSRjobGr+J4EqQa3vtIovMi1uA9KKefV9pM81NjK5N2TORH5BQe9Np+dJNRjevW/vXAW4n+oqu76r1jaC4FKAy9+Xb5xIFPlpZDNzVhz/6/ct6Hct8kU9B96g6Gv3o9/8jKq///viYVNKvcp+tGhn40YSm6uaOjATydJjaZqudEoej2VEh/hMKMwBMZNV2DvJuxJfXP9Vxyc06+ZH2XLctB6KM125+jdQ7UtY9dujxJcJ6P5ONGgAQohAe9Jqk8wYOnC5u/cDvlnwhGVt8QSnkPqM+ce4mL
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):142
                                                              Entropy (8bit):5.005553648117314
                                                              Encrypted:false
                                                              SSDEEP:3:lcZlt38E28xp4m3rscUSXQTt1LkkzJtlf+nETPxpK2x7LuX4VhvCTG:lcZX38D8xSEsIXGPLl+n0PxEWA4VF
                                                              MD5:A5896AA7C5C5F6AB1F068C9A5EDC716F
                                                              SHA1:CA2E85BE39981ABA221114FAB2C5B90B9FB7C9B3
                                                              SHA-256:7E12E0600A21DD250039E2D6A29B4236078D54B1452EB7C5C859F7AA8CE2BF09
                                                              SHA-512:BCAB7E55683F4A4E7685B60FF7EF67429B65C1F722DDB48919EB55F2C18626B1C646A25E475B41818BD40FB7CF922B61BBE06197DEF13175B9856076AAB09795
                                                              Malicious:false
                                                              Preview:....9................BLOOM_FILTER_EXPIRY_TIME:.1725695910.480615L.a.G................BLOOM_FILTER_LAST_MODIFIED:.Fri, 06 Sep 2024 01:06:01 GMT
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):636529
                                                              Entropy (8bit):6.012178686683981
                                                              Encrypted:false
                                                              SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                                              MD5:D06FF4898FA4B70F70844C78C74E85F1
                                                              SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                                              SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                                              SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                                              Malicious:false
                                                              Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):509
                                                              Entropy (8bit):5.256670087912316
                                                              Encrypted:false
                                                              SSDEEP:12:PhdFjvBYebn9GFUt82hdFY1/+2hdFq56Yebn95Z9lhqf0nhqfr1K2ha+7h:XFjBYeb9ig8qFCF06Yeb9zpaGih
                                                              MD5:1E11A909BD7804325D6530A82E73470A
                                                              SHA1:54AB82B13B7046E52F38AA8FD6FB230054A41B8F
                                                              SHA-256:8329CAB6DED9887F8F46355B61663C6C4A5E04D4ACD04E773012E9FE09026B08
                                                              SHA-512:3B3E032B350D1332595FA53BF3B7C68902B30AD33618EA92B38B0EDF6D0B4F36068EA29C059C79C2081CB43EA35BE52C917BDE9C455DE7F61FA3B83020D99D39
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.814 1150 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/06-03:58:23.814 1150 Recovering log #3.2024/09/06-03:58:23.814 1150 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/06-03:58:30.583 cd0 Level-0 table #5: started.2024/09/06-03:58:30.709 cd0 Level-0 table #5: 636529 bytes OK.2024/09/06-03:58:30.710 cd0 Delete type=0 #3.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):509
                                                              Entropy (8bit):5.256670087912316
                                                              Encrypted:false
                                                              SSDEEP:12:PhdFjvBYebn9GFUt82hdFY1/+2hdFq56Yebn95Z9lhqf0nhqfr1K2ha+7h:XFjBYeb9ig8qFCF06Yeb9zpaGih
                                                              MD5:1E11A909BD7804325D6530A82E73470A
                                                              SHA1:54AB82B13B7046E52F38AA8FD6FB230054A41B8F
                                                              SHA-256:8329CAB6DED9887F8F46355B61663C6C4A5E04D4ACD04E773012E9FE09026B08
                                                              SHA-512:3B3E032B350D1332595FA53BF3B7C68902B30AD33618EA92B38B0EDF6D0B4F36068EA29C059C79C2081CB43EA35BE52C917BDE9C455DE7F61FA3B83020D99D39
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.814 1150 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/06-03:58:23.814 1150 Recovering log #3.2024/09/06-03:58:23.814 1150 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/06-03:58:30.583 cd0 Level-0 table #5: started.2024/09/06-03:58:30.709 cd0 Level-0 table #5: 636529 bytes OK.2024/09/06-03:58:30.710 cd0 Delete type=0 #3.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):103
                                                              Entropy (8bit):5.287315490441997
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                                              MD5:BBF990808A624C34FC58008F69BE5414
                                                              SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                                              SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                                              SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6121946220214336
                                                              Encrypted:false
                                                              SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+ji1JpCzmL:TO8D4jJ/6Up+4KA
                                                              MD5:8FDAFD2B2500D0FE55165D6F31842631
                                                              SHA1:A788212A98B36FD7C9A62BF473DDFBA368B8CE12
                                                              SHA-256:6603D65E83961B0E80253A8EF9D1A48769DBF27A342476652E3F4CC32E6F76FC
                                                              SHA-512:297031A3C9B6DF76C18454249FE01E442FCE203C24D8B89DA97C81CA84484D4E9C8E32D00FD55DF1CB7413D157AEE5E3AA692418A0D075F33667DAA2520EFB94
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):375520
                                                              Entropy (8bit):5.354085129353103
                                                              Encrypted:false
                                                              SSDEEP:6144:QA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:QFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                              MD5:1CFC4C9BA30A1700C2303C730DCEED65
                                                              SHA1:E362DB5D135E1F86A7E890E87DA2BBC0B8CFE507
                                                              SHA-256:1C4872DB78B0C64670058410D67E8CE3E610A6021E53C8E1B945447598D64C11
                                                              SHA-512:0040D8FAEF3EEE439229FD86628C0F4F5F8C396D7AC03F0CEE6A9ED618A60EBD932B3AA329F4F7A7A1C1607B3E35AE8A1B9B1BA1363396F79843847B95DAFD92
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1..iPq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370083110194986..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):311
                                                              Entropy (8bit):5.198724340169813
                                                              Encrypted:false
                                                              SSDEEP:6:Ph2ZTR1CHhJ23oH+Tcwtk2WwnvB2KLllh2pq2PCHhJ23oH+Tcwtk2WwnvIFUv:Ph2ZTNYebkxwnvFLnh2pvBYebkxwnQF2
                                                              MD5:8FB3A435367CAF926278CD71AE82923D
                                                              SHA1:9DEFA13FA5FCF0B2475590D1FB1AA00F65FD3674
                                                              SHA-256:9CF02C189E971BBD17335288FFC7962117D00649318559868DBC76BBC5648500
                                                              SHA-512:6DA5F1D3740447C92AE7EE63A4D58561FAAA53B7B647245E1402B165CFB44A5075CF5F32F834CFD9AC861389FCDCE9746C42C00C8B8D524477463FE7B2BE7E9E
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:29.130 21c0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/06-03:58:29.182 21c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):358859
                                                              Entropy (8bit):5.324600235318911
                                                              Encrypted:false
                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RN:C1gAg1zfvV
                                                              MD5:B92055459CF17FD55F873F916DEFC460
                                                              SHA1:C98778487E35A38A72A3B6CAD88037F73C25AB6B
                                                              SHA-256:C10906CFF053D4D53EF8685691861538E029A87C1E657CC33F1F4AD63C312510
                                                              SHA-512:FFB0178F00893D334EC5C218490C41501B52F01EDDFBA3CD2F34A9453D56200878AF7891F9918FEF3B63E36BD94F8B51AE72EB7709F091339997AF43A093E4EB
                                                              Malicious:false
                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):418
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                              Malicious:false
                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.222647398457483
                                                              Encrypted:false
                                                              SSDEEP:6:Ph82FkdFN+q2PCHhJ23oH+Tcwt8aPrqIFUt82h82FkdFZZmw+2h8W3VkwOCHhJ2E:PhRFkHIvBYebL3FUt82hRFkHZ/+2hX5/
                                                              MD5:0AB0F80189B5DDDEF94924C53A6947E0
                                                              SHA1:4627A96C359AEB997E7F720F6843D13346A140CC
                                                              SHA-256:1B47B170CC33EC8672378D0179F3FEB39895B12019E2433CB097BFE27C7A69C7
                                                              SHA-512:0ACD006CB7E353BFC27842DD175D5D62FD85F443BC3DD4345FDDD0BE629767FFC9CD2DE229C24BB10ACE5A1BD8C83D2BCD64CD2EAAD6047AA95FFA8C9BCFDD2A
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.818 ed8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/06-03:58:23.818 ed8 Recovering log #3.2024/09/06-03:58:23.819 ed8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.222647398457483
                                                              Encrypted:false
                                                              SSDEEP:6:Ph82FkdFN+q2PCHhJ23oH+Tcwt8aPrqIFUt82h82FkdFZZmw+2h8W3VkwOCHhJ2E:PhRFkHIvBYebL3FUt82hRFkHZ/+2hX5/
                                                              MD5:0AB0F80189B5DDDEF94924C53A6947E0
                                                              SHA1:4627A96C359AEB997E7F720F6843D13346A140CC
                                                              SHA-256:1B47B170CC33EC8672378D0179F3FEB39895B12019E2433CB097BFE27C7A69C7
                                                              SHA-512:0ACD006CB7E353BFC27842DD175D5D62FD85F443BC3DD4345FDDD0BE629767FFC9CD2DE229C24BB10ACE5A1BD8C83D2BCD64CD2EAAD6047AA95FFA8C9BCFDD2A
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.818 ed8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/06-03:58:23.818 ed8 Recovering log #3.2024/09/06-03:58:23.819 ed8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):418
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                              Malicious:false
                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):325
                                                              Entropy (8bit):5.218439741637872
                                                              Encrypted:false
                                                              SSDEEP:6:Ph8gBHN+q2PCHhJ23oH+Tcwt865IFUt82h8+Zmw+2h86VkwOCHhJ23oH+Tcwt86L:PhBovBYeb/WFUt82hF/+2hX56Yeb/+SJ
                                                              MD5:2FFB9372189D9272992E50B135843BAD
                                                              SHA1:759EC0808C494591B33B69851AF59FEEDCBD8162
                                                              SHA-256:896A90AE7888048D918B50848E219CCDABD06FA88DF23D8DA82B3F99175422CB
                                                              SHA-512:ADAAE47CEBE823D5FC1ADF0B06C98A133EF263738B0B034401C558E2ED6D82B4D94362B2875F124D06712FF7F861C1AFFDFD65E96F7A533D168DD3C2CCAE0DC4
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.840 ed8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/06-03:58:23.842 ed8 Recovering log #3.2024/09/06-03:58:23.842 ed8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):325
                                                              Entropy (8bit):5.218439741637872
                                                              Encrypted:false
                                                              SSDEEP:6:Ph8gBHN+q2PCHhJ23oH+Tcwt865IFUt82h8+Zmw+2h86VkwOCHhJ23oH+Tcwt86L:PhBovBYeb/WFUt82hF/+2hX56Yeb/+SJ
                                                              MD5:2FFB9372189D9272992E50B135843BAD
                                                              SHA1:759EC0808C494591B33B69851AF59FEEDCBD8162
                                                              SHA-256:896A90AE7888048D918B50848E219CCDABD06FA88DF23D8DA82B3F99175422CB
                                                              SHA-512:ADAAE47CEBE823D5FC1ADF0B06C98A133EF263738B0B034401C558E2ED6D82B4D94362B2875F124D06712FF7F861C1AFFDFD65E96F7A533D168DD3C2CCAE0DC4
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.840 ed8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/06-03:58:23.842 ed8 Recovering log #3.2024/09/06-03:58:23.842 ed8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1254
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                              Malicious:false
                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.173304914132866
                                                              Encrypted:false
                                                              SSDEEP:6:PhPgVOq2PCHhJ23oH+Tcwt8NIFUt82hPgVXZmw+2hPgVFkwOCHhJ23oH+Tcwt8+Q:PhPBvBYebpFUt82hP8/+2hP856YebqJ
                                                              MD5:F20557DFB0388E8C2532CB8EE59D84B6
                                                              SHA1:156C07EB6B58529546D743C5C22483D92D29EB3A
                                                              SHA-256:7D325CEA92E930C03F3CFA5B03DF6FDC7FA753C53E1943453B0C1186D58F5349
                                                              SHA-512:FFA06E2305D25460E671559C2D3E72A100AE39B17F68D649B3F708A9CA9E16C913EDB23F1ED5334E57A26E72D68C987CE298A6705E5E4BEC15FB0DCD678D3938
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.620 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/06-03:58:24.620 ba0 Recovering log #3.2024/09/06-03:58:24.620 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.173304914132866
                                                              Encrypted:false
                                                              SSDEEP:6:PhPgVOq2PCHhJ23oH+Tcwt8NIFUt82hPgVXZmw+2hPgVFkwOCHhJ23oH+Tcwt8+Q:PhPBvBYebpFUt82hP8/+2hP856YebqJ
                                                              MD5:F20557DFB0388E8C2532CB8EE59D84B6
                                                              SHA1:156C07EB6B58529546D743C5C22483D92D29EB3A
                                                              SHA-256:7D325CEA92E930C03F3CFA5B03DF6FDC7FA753C53E1943453B0C1186D58F5349
                                                              SHA-512:FFA06E2305D25460E671559C2D3E72A100AE39B17F68D649B3F708A9CA9E16C913EDB23F1ED5334E57A26E72D68C987CE298A6705E5E4BEC15FB0DCD678D3938
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.620 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/06-03:58:24.620 ba0 Recovering log #3.2024/09/06-03:58:24.620 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):429
                                                              Entropy (8bit):5.809210454117189
                                                              Encrypted:false
                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                              Malicious:false
                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
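The 429-byte JSON in the preview above is the layout of Chromium's computed_hashes.json, the file Edge and Chrome use for extension content verification: for each listed path, block_hashes holds the base64-encoded SHA-256 of every block_size-byte chunk of that file, in order. The script below is an added example, not part of the Joe Sandbox report and not code from Microsoft or the sandbox: it parses the report's JSON verbatim, derives what can be inferred from it without the files themselves (each entry has three 4096-byte blocks, so each script is between 8193 and 12288 bytes, and the two files share their first block), and then verifies a constructed sample file against a hash list, showing which block a single-bit tamper lands in. The sample content.js bytes, the demo() helper and the empty-file rule (one hash of an empty block, which is how I understand Chromium handles it) are assumptions of this example.

```python
"""Added example: check files against a Chromium computed_hashes.json (extension content verification)."""
import base64
import hashlib
import json

# Copied verbatim from the dropped-file preview in the report above (429 bytes).
COMPUTED_HASHES_JSON = (
    '{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=",'
    '"6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],'
    '"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=",'
    '"UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],'
    '"block_size":4096,"path":"content_new.js"}],"version":2}'
)


def block_hashes(data: bytes, block_size: int = 4096) -> list[str]:
    """Base64(SHA-256) of each block_size chunk, in file order.

    An empty file still yields one hash (of b''); assumption: this mirrors Chromium's
    own behaviour, it is not something the report states."""
    hashes = []
    offset = 0
    while True:
        chunk = data[offset:offset + block_size]
        hashes.append(base64.b64encode(hashlib.sha256(chunk).digest()).decode("ascii"))
        offset += block_size
        if offset >= len(data):
            return hashes


def parse_computed_hashes(text: str) -> dict[str, tuple[int, list[str]]]:
    """Map path -> (block_size, expected hashes); refuses versions other than 2."""
    doc = json.loads(text)
    if doc.get("version") != 2:
        raise ValueError(f"unsupported computed_hashes version: {doc.get('version')!r}")
    return {e["path"]: (int(e["block_size"]), list(e["block_hashes"])) for e in doc["file_hashes"]}


def size_bounds(block_size: int, n_blocks: int) -> tuple[int, int]:
    """Inclusive file-size range implied by a hash count, usable without the file itself."""
    if n_blocks <= 1:
        return 0, block_size
    return (n_blocks - 1) * block_size + 1, n_blocks * block_size


def changed_blocks(expected: list[str], actual: list[str]) -> list[int]:
    """Indices of blocks whose hash differs, or that exist on only one side."""
    n = max(len(expected), len(actual))
    return [i for i in range(n)
            if i >= len(expected) or i >= len(actual) or expected[i] != actual[i]]


def verify(manifest: dict[str, tuple[int, list[str]]], files: dict[str, bytes]) -> dict[str, bool]:
    """Per-path verdict; a path missing from `files` fails closed."""
    return {path: (files.get(path) is not None and block_hashes(files[path], bs) == expected)
            for path, (bs, expected) in manifest.items()}


def demo() -> dict:
    """Constructed sample (NOT the real content.js from the sandbox run): 10,000 bytes,
    so it spans three 4096-byte blocks just like the report's entries."""
    original = (b"// constructed sample content.js\n" + b"console.log('x');\n" * 600)[:10000]
    manifest = {"content.js": (4096, block_hashes(original))}
    tampered = bytearray(original)
    tampered[5000] ^= 0x01          # one bit flipped inside block 1 (bytes 4096..8191)
    return {
        "clean": verify(manifest, {"content.js": original}),
        "tampered": verify(manifest, {"content.js": bytes(tampered)}),
        "changed": changed_blocks(manifest["content.js"][1], block_hashes(bytes(tampered))),
        "missing": verify(manifest, {}),
    }


if __name__ == "__main__":
    for path, (bs, hashes) in parse_computed_hashes(COMPUTED_HASHES_JSON).items():
        print(path, "size in", size_bounds(bs, len(hashes)))
    print(demo())
```

Two things worth keeping in mind when using this during triage. The shared first hash tells you that content.js and content_new.js are byte-identical for their first 4096 bytes and differ only later, which is the pattern of an edited copy rather than an unrelated script. And a computed_hashes.json that verifies cleanly only proves the files match that manifest; a manifest written by the same process as the scripts is self-consistent by construction, so the hashes should be compared against the extension's store copy (or its signed verified_contents.json) before any conclusion about tampering is drawn.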
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):2.445173025969794
                                                              Encrypted:false
                                                              SSDEEP:96:0BCymIz4DM6EelS9nsH4/AztccuuoKwq4DRH:mNm2N6MsHXzCcPo1q0H
                                                              MD5:66D34DC4E026A036F9C91D363F3BE445
                                                              SHA1:48BDB55D500FB6315698348397FEA0F09C739698
                                                              SHA-256:BDD23C05313231F6DB5F1A3E9DC243D38D293546C8B3977E2C8995C9C5D984D8
                                                              SHA-512:7D862A301EF816C4A5D3BBF69BB77AB5CF31600D69300ECA8BA9598A775022E10C186B1EEAF41A75F90D41E2FED554CD9D8B2844586B8DF8FEC1F707D2F3E39E
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):155648
                                                              Entropy (8bit):0.676466487167869
                                                              Encrypted:false
                                                              SSDEEP:96:Z4DZYmLcpYWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEps+4DA4:ZyYTphhH+bDo3iN0Z2TVJkXBBE3ybUl4
                                                              MD5:4A3C09DB2E40A156B7C18F190E73918A
                                                              SHA1:6301E19040F4B3B55DEBD141237CDCD0F7ABC972
                                                              SHA-256:E79CB33A5A70310E423C051FFE2E8540892D54E622D045B5EF0EC4C44FB012A7
                                                              SHA-512:E3512F55F7123853314C9A63606801E25816565958C853D612F64DAE92065373682EA9D6BFEADBEBEDF231325AE7FE2E01B7754C3837340F033D3595824DCC6A
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8720
                                                              Entropy (8bit):0.2191763562065486
                                                              Encrypted:false
                                                              SSDEEP:3:rlL/ntFlljq7A/mhWJFuQ3yy7IOWUmu4/dweytllrE9SFcTp4AGbNCV9RUIXs:xw75fOkl/d0Xi99pEYC
                                                              MD5:975F5C390F8181391D6AA3CC50C2FFDA
                                                              SHA1:09581C0DDA09A84452495212F33BAE9F2EE1D14F
                                                              SHA-256:7FE9322C684657B48D593A94E78B3CC0E0BDCBE7DED3551AE819077A3A28CE1E
                                                              SHA-512:3640D461E986A7316ABA62977C1E0B0B805A554ECE1DCE7B9C556872C7490D039F0FED199A51DDB74DB4B830F718202D7EF6676A7F4426D93BA77ABD5D87077D
                                                              Malicious:false
                                                              Preview:...............I...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):49152
                                                              Entropy (8bit):3.6481491983412413
                                                              Encrypted:false
                                                              SSDEEP:384:aj9P0acAjlxQkQerPP/KbtIgam6IThj773pLLRKToaAu:adkKlxe2PP/SjF7NRKcC
                                                              MD5:BFC796D91447B65CFFE9C1CBF0F76602
                                                              SHA1:AC8E2D2B5FA5F7236388439A564DB617D50992C7
                                                              SHA-256:6B48E190D354E780A68643808BB86D5CC430F6C175D9C3F5D66965862FD6FB1A
                                                              SHA-512:8ED7612BCC0E9FD38AA009510B64AC27C9BF00ECDEFF7B65927E7EF62725ABD90664F90D0B23A6BF72B196CE334EF3BAD13549C93108B6F34D993E4A2C255C26
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):405
                                                              Entropy (8bit):5.305006999047533
                                                              Encrypted:false
                                                              SSDEEP:12:PhifEAvBYeb8rcHEZrELFUt82hifEh/+2hicQ56Yeb8rcHEZrEZSJ:8syBYeb8nZrExg8nsmca6Yeb8nZrEZe
                                                              MD5:84DC7AE074883C6E5B054F61D34D245A
                                                              SHA1:59AADB9F5C457F9B775129F36AD174918697A70E
                                                              SHA-256:C605E981C6CD7312B78A97D254189C40D54AF316ABBC8E6065B40648E3122F20
                                                              SHA-512:F2B99121F2FE0BA608FA0C8414682B22DCC56AE6E5129698E897B2B7A013F23798AF037289284E860A0F068E52EEB5B4CAE146F33C5C684AB9219024617A511D
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:26.870 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/06-03:58:26.870 ba0 Recovering log #3.2024/09/06-03:58:26.871 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):405
                                                              Entropy (8bit):5.305006999047533
                                                              Encrypted:false
                                                              SSDEEP:12:PhifEAvBYeb8rcHEZrELFUt82hifEh/+2hicQ56Yeb8rcHEZrEZSJ:8syBYeb8nZrExg8nsmca6Yeb8nZrEZe
                                                              MD5:84DC7AE074883C6E5B054F61D34D245A
                                                              SHA1:59AADB9F5C457F9B775129F36AD174918697A70E
                                                              SHA-256:C605E981C6CD7312B78A97D254189C40D54AF316ABBC8E6065B40648E3122F20
                                                              SHA-512:F2B99121F2FE0BA608FA0C8414682B22DCC56AE6E5129698E897B2B7A013F23798AF037289284E860A0F068E52EEB5B4CAE146F33C5C684AB9219024617A511D
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:26.870 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/06-03:58:26.870 ba0 Recovering log #3.2024/09/06-03:58:26.871 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):336
                                                              Entropy (8bit):5.192011184403944
                                                              Encrypted:false
                                                              SSDEEP:6:PhPmVrVN4q2PCHhJ23oH+Tcwt8a2jMGIFUt82h6vL3JZmw+2h64DkwOCHhJ23oHr:PhPmVBN4vBYeb8EFUt82h6rJ/+2h64D5
                                                              MD5:C0C587E8E10DC0E19473752405A2D929
                                                              SHA1:0C16219C3023B4D683F892FE75C09101DD1AE5B4
                                                              SHA-256:62E8C7F2716E0E82A0DCF4EDB0E6377D593D5EC2BF2EE792A25D1D4CBCFC3FCB
                                                              SHA-512:0EAEEE03FE4089732ECE537DADF46A5246958D72E4142CD460A82BD8F4C3471AC48FE946F24D1E632D3EE34D62DEA74975D2C2A305F2644C8FD8A2FD0FE007C5
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.922 1cf0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/06-03:58:25.093 1cf0 Recovering log #3.2024/09/06-03:58:25.096 1cf0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):336
                                                              Entropy (8bit):5.192011184403944
                                                              Encrypted:false
                                                              SSDEEP:6:PhPmVrVN4q2PCHhJ23oH+Tcwt8a2jMGIFUt82h6vL3JZmw+2h64DkwOCHhJ23oHr:PhPmVBN4vBYeb8EFUt82h6rJ/+2h64D5
                                                              MD5:C0C587E8E10DC0E19473752405A2D929
                                                              SHA1:0C16219C3023B4D683F892FE75C09101DD1AE5B4
                                                              SHA-256:62E8C7F2716E0E82A0DCF4EDB0E6377D593D5EC2BF2EE792A25D1D4CBCFC3FCB
                                                              SHA-512:0EAEEE03FE4089732ECE537DADF46A5246958D72E4142CD460A82BD8F4C3471AC48FE946F24D1E632D3EE34D62DEA74975D2C2A305F2644C8FD8A2FD0FE007C5
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.922 1cf0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/06-03:58:25.093 1cf0 Recovering log #3.2024/09/06-03:58:25.096 1cf0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):24576
                                                              Entropy (8bit):0.40346803929258107
                                                              Encrypted:false
                                                              SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5I6dv:TxKX0wxORAmA/U1cEB5I6dv
                                                              MD5:B2234E1A17B1217C9E64CFDD1D1C495B
                                                              SHA1:CA0AD353222ACE7069C1ABC1F177B5210611EEF1
                                                              SHA-256:6214D2254316133D28F9457B3BF178AC37A74FA891197BA1F98CD3CFB5B66E89
                                                              SHA-512:7E0567B2FC8EF8FC15BFC427F37034D1FDB7D26ECE364B512DB74FA14B7A0B7B4BF8661E2FB1B6F9C1A488D2C31BEB9A0B693B0D5CAE710387DB7DB236A8D352
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...p."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2950
                                                              Entropy (8bit):5.2956959102716885
                                                              Encrypted:false
                                                              SSDEEP:48:YcCpfC0gCzsOtsaC5safcKs/gs9acsL4akEsI+HAs0Ysu+HpOCbc:F2fh5dScFaH4akE4MO4pn4
                                                              MD5:D0FCE183D231146038B8616C6CDFD6EE
                                                              SHA1:91003BDB7FC288E7ABE0EEABA1439696AF27DFE0
                                                              SHA-256:FEA869EA7C7D14DDDBCC54E5229AEF31B4E59B3CDA5343CEF95DB7EDC566ABD4
                                                              SHA-512:89412A759505EF607D8C1E31812E7E954F4FE9A5FF4B95A01CD47C6E0B96AADC4F152CD1ECF406207C1404BAE008D4C315A3E924BD7D60B90C9F56E3458D78F3
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675107448475","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370176709704740","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372675109739744","port":443,"protocol_str":"quic"}],"anonymiza
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.313182185642351
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjYAQtYWlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZzFl5/:YWyWNsA2lBv31dB8wXwlmUUAnIMp5F5/
                                                              MD5:94F87139F148ED05CA7B58A1C0445043
                                                              SHA1:5062FC4F8CBEAAA230375F127170621AF885D4A9
                                                              SHA-256:4134A6BC94D4DD53CF918356E7D96E93F0537714182CCCA9A1D43649D44D8FB8
                                                              SHA-512:846463EF278C6F1961738D5FA7124B4F3A7FAF35FC09BBF35B1E05F28313597AC0B227ACFB55C4E8F5B02880C61597A463FBFD08E9C00DABD3345FAEE58BD029
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1757145516.647873,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725609516.647878}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):187
                                                              Entropy (8bit):5.282070641391649
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjY+yTW8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZzwjKSQ:YWyWNs+AW8Bv31dB8wXwlmUUAnIMp56+
                                                              MD5:AAF900556CC12FC1FC5089866A46C678
                                                              SHA1:A37B7256DDC2BBB53FDEBB1BD66D81F738527986
                                                              SHA-256:F7A4A21E5C4D4108E6337D80278399BC3FB0096CC5FC00FFFD1F8EB7AAF38ACA
                                                              SHA-512:EECB8A8998E43CBA29FEBDCAD9DC13C252224CCB0EA0BB9770BA644FFC7552D7EB3E1F01D531FCDD73898B3E05CE943FCC4A6D24EDD7F577CA10A6283F6B6D81
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1757145576.677986,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725609576.67799}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.084510437448951
                                                              Encrypted:false
                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8Bm6lwvQ5UrttI2gDO0roYpR4OFyPr:ige+AumGw42aysRyr
                                                              MD5:4F43C01E8368412AA9FD42135CC395B6
                                                              SHA1:D5CD13FD7058D92DFDA53C76E3E9662F46531365
                                                              SHA-256:4828F7EF5F15114A05B2B5173EC9DFC8598E685DAE06E7CC14C7F14BD7ADDAAE
                                                              SHA-512:7507970518214FCEAA019EF0A7DE28A3B3CDABF694F5F12F7B30DE898852CB600A5705A1CE7F39ED50E5CE3079EFD81A78CA212C9BE4474DF75171F19822DC88
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1452
                                                              Entropy (8bit):5.293818359480967
                                                              Encrypted:false
                                                              SSDEEP:24:YcCp/WRdsZZVMdmwC5mWRdsHPyZFRudFGRRds9JZFGJ/I3w6C1E6maPsQYhbS7n7:YcCpWsPuCvs+fcKsFgCgakhYhbc
                                                              MD5:B0733CD56C6DAEC03253582405A3C607
                                                              SHA1:EBFFEB5D568DFC774355F3329BB1DD69A06D9D17
                                                              SHA-256:BB4556F6A892CD298278B5D16EB81F2B815018687B11F789213CE95806E5A11C
                                                              SHA-512:F6F90123E0314680B23966126634511E879E761A8094AB17BD3B0F3D58F09DEB8780519C56F319B4C3FB723FE3148453E6B4A14338D052F3518D809761FD2344
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559442531603","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559443198826","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559451800699","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1452
                                                              Entropy (8bit):5.293818359480967
                                                              Encrypted:false
                                                              SSDEEP:24:YcCp/WRdsZZVMdmwC5mWRdsHPyZFRudFGRRds9JZFGJ/I3w6C1E6maPsQYhbS7n7:YcCpWsPuCvs+fcKsFgCgakhYhbc
                                                              MD5:B0733CD56C6DAEC03253582405A3C607
                                                              SHA1:EBFFEB5D568DFC774355F3329BB1DD69A06D9D17
                                                              SHA-256:BB4556F6A892CD298278B5D16EB81F2B815018687B11F789213CE95806E5A11C
                                                              SHA-512:F6F90123E0314680B23966126634511E879E761A8094AB17BD3B0F3D58F09DEB8780519C56F319B4C3FB723FE3148453E6B4A14338D052F3518D809761FD2344
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559442531603","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559443198826","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559451800699","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):1.6473408995460534
                                                              Encrypted:false
                                                              SSDEEP:96:JkIEumQv8m1ccnvS65m2V2DQnv02mQ4cByVZsB15LMhHRViDp1a:+IEumQv8m1ccnvS6YI24M2pyVZ8XoXN
                                                              MD5:BF69EF7B81B774F6E77C2D822D97C493
                                                              SHA1:A61A3738E925010CEA0D4D5978ED253D61E69803
                                                              SHA-256:95BAF85CF5EA5925B4D2DC01771D59CB8074E75CD55AA3C21FE7BDA9686D5F91
                                                              SHA-512:2AD72D7348CC3D623CC0B4B5F54FCB73A1F46C874878A98EE60A28D1600BCE22FF556C1A6EF99B0F011E71FF96FBD937408E0674030858833DABFC4DB8D5C8BB
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.313182185642351
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjYAQtYWlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZzFl5/:YWyWNsA2lBv31dB8wXwlmUUAnIMp5F5/
                                                              MD5:94F87139F148ED05CA7B58A1C0445043
                                                              SHA1:5062FC4F8CBEAAA230375F127170621AF885D4A9
                                                              SHA-256:4134A6BC94D4DD53CF918356E7D96E93F0537714182CCCA9A1D43649D44D8FB8
                                                              SHA-512:846463EF278C6F1961738D5FA7124B4F3A7FAF35FC09BBF35B1E05F28313597AC0B227ACFB55C4E8F5B02880C61597A463FBFD08E9C00DABD3345FAEE58BD029
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1757145516.647873,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725609516.647878}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.313182185642351
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjYAQtYWlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZzFl5/:YWyWNsA2lBv31dB8wXwlmUUAnIMp5F5/
                                                              MD5:94F87139F148ED05CA7B58A1C0445043
                                                              SHA1:5062FC4F8CBEAAA230375F127170621AF885D4A9
                                                              SHA-256:4134A6BC94D4DD53CF918356E7D96E93F0537714182CCCA9A1D43649D44D8FB8
                                                              SHA-512:846463EF278C6F1961738D5FA7124B4F3A7FAF35FC09BBF35B1E05F28313597AC0B227ACFB55C4E8F5B02880C61597A463FBFD08E9C00DABD3345FAEE58BD029
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1757145516.647873,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725609516.647878}],"version":2}
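The TransportSecurity JSON entries dropped by msedge.exe above store the HSTS host as a hash rather than a name, so the record alone does not tell an analyst which site pinned force-https during the run. The following script is an added example, not part of the Joe Sandbox report or of Edge; it assumes Chromium's persister format, where "host" is base64(SHA-256(DNS wire form of the lowercased hostname)), decodes the Unix timestamps, derives max-age, and tries to name the host from a candidate list. The candidate hostnames are constructed for illustration, and the report does not say which site the entry belongs to.

```python
import base64
import hashlib
import json
from datetime import datetime, timezone
from typing import Iterable, Optional

# Transcribed from the TransportSecurity record in the report above (one sts entry).
HSTS_JSON = '{"sts":[{"expiry":1757145516.647873,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725609516.647878}],"version":2}'


def canonicalize_host(hostname: str) -> bytes:
    """DNS wire form: length-prefixed lowercase labels terminated by a zero byte.

    Assumption: this is the canonical form Chromium hashes before writing the
    TransportSecurity file (a trailing dot is tolerated and stripped).
    """
    out = b""
    for label in hostname.lower().rstrip(".").split("."):
        if not label or len(label) > 63:
            raise ValueError(f"invalid DNS label in {hostname!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def hash_host(hostname: str) -> str:
    """base64(SHA-256(canonicalized host)): the format of the 'host' field."""
    digest = hashlib.sha256(canonicalize_host(hostname)).digest()
    return base64.b64encode(digest).decode("ascii")


def recover_host(hashed_host: str, candidates: Iterable[str]) -> Optional[str]:
    """The hash is one-way, but any guessed hostname can be confirmed or ruled out."""
    for cand in candidates:
        if hash_host(cand) == hashed_host:
            return cand
    return None


def summarize(hsts_json: str, candidates: Iterable[str] = ()) -> list:
    """Expand each sts entry: UTC timestamps, derived max-age, recovered host (if any)."""
    doc = json.loads(hsts_json)
    candidates = list(candidates)
    result = []
    for entry in doc["sts"]:
        observed = datetime.fromtimestamp(entry["sts_observed"], tz=timezone.utc)
        expiry = datetime.fromtimestamp(entry["expiry"], tz=timezone.utc)
        result.append({
            "host_hash": entry["host"],
            "host": recover_host(entry["host"], candidates),
            "mode": entry["mode"],
            "include_subdomains": entry["sts_include_subdomains"],
            "observed_utc": observed.isoformat(),
            "expiry_utc": expiry.isoformat(),
            # expiry - observed is the max-age the server sent, here one year
            "max_age_seconds": round(entry["expiry"] - entry["sts_observed"]),
        })
    return result


if __name__ == "__main__":
    # Constructed candidate list; extend it with hosts seen in the network section.
    guesses = ["www.bing.com", "www.msn.com", "clients2.google.com", "assets.msn.com"]
    for entry in summarize(HSTS_JSON, guesses):
        print(json.dumps(entry, indent=2))
```

The observed timestamp resolves to 2024-09-06 07:58 UTC, consistent with the 03:58 local timestamps in the LevelDB logs above, and expiry minus observed is exactly 31536000 seconds, a one-year max-age. A `None` host only means the candidate list did not contain the right name; the usual next step is to feed it every hostname from the report's DNS and TLS sections.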
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1452
                                                              Entropy (8bit):5.293818359480967
                                                              Encrypted:false
                                                              SSDEEP:24:YcCp/WRdsZZVMdmwC5mWRdsHPyZFRudFGRRds9JZFGJ/I3w6C1E6maPsQYhbS7n7:YcCpWsPuCvs+fcKsFgCgakhYhbc
                                                              MD5:B0733CD56C6DAEC03253582405A3C607
                                                              SHA1:EBFFEB5D568DFC774355F3329BB1DD69A06D9D17
                                                              SHA-256:BB4556F6A892CD298278B5D16EB81F2B815018687B11F789213CE95806E5A11C
                                                              SHA-512:F6F90123E0314680B23966126634511E879E761A8094AB17BD3B0F3D58F09DEB8780519C56F319B4C3FB723FE3148453E6B4A14338D052F3518D809761FD2344
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559442531603","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559443198826","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559451800699","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8307038620100359
                                                              Encrypted:false
                                                              SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                              MD5:B18967139991D9CA13DF7E493540A358
                                                              SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                              SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                              SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):5.202302598162962
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDigabatSuyEsfm+ZIa34Hkf3J86bV+FD4QA4Vq7NITPXYJ:stDPGKSuvsfZZXBbGUQxY7NIY
                                                              MD5:63DEB92D12A280ADA1950E471D900E03
                                                              SHA1:EDBA0E84C18B40EC64C5057D2CCDD2D99EB36FFC
                                                              SHA-256:8B667176F7BF54ECC5F8AB6A00FA7C1B119F77DE519237CA7E839857F50E81C0
                                                              SHA-512:EF8293CA3F9C7C9C20990FFB03FABE79BC0194D650096A76AC20F7B5AEA3CD7785A8AB12FE659021D4207C8FE57F5071FDEF7DAB7FD9589B7B9BEC84DFEBA821
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):5.202302598162962
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDigabatSuyEsfm+ZIa34Hkf3J86bV+FD4QA4Vq7NITPXYJ:stDPGKSuvsfZZXBbGUQxY7NIY
                                                              MD5:63DEB92D12A280ADA1950E471D900E03
                                                              SHA1:EDBA0E84C18B40EC64C5057D2CCDD2D99EB36FFC
                                                              SHA-256:8B667176F7BF54ECC5F8AB6A00FA7C1B119F77DE519237CA7E839857F50E81C0
                                                              SHA-512:EF8293CA3F9C7C9C20990FFB03FABE79BC0194D650096A76AC20F7B5AEA3CD7785A8AB12FE659021D4207C8FE57F5071FDEF7DAB7FD9589B7B9BEC84DFEBA821
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):5.202302598162962
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDigabatSuyEsfm+ZIa34Hkf3J86bV+FD4QA4Vq7NITPXYJ:stDPGKSuvsfZZXBbGUQxY7NIY
                                                              MD5:63DEB92D12A280ADA1950E471D900E03
                                                              SHA1:EDBA0E84C18B40EC64C5057D2CCDD2D99EB36FFC
                                                              SHA-256:8B667176F7BF54ECC5F8AB6A00FA7C1B119F77DE519237CA7E839857F50E81C0
                                                              SHA-512:EF8293CA3F9C7C9C20990FFB03FABE79BC0194D650096A76AC20F7B5AEA3CD7785A8AB12FE659021D4207C8FE57F5071FDEF7DAB7FD9589B7B9BEC84DFEBA821
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):5.202302598162962
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDigabatSuyEsfm+ZIa34Hkf3J86bV+FD4QA4Vq7NITPXYJ:stDPGKSuvsfZZXBbGUQxY7NIY
                                                              MD5:63DEB92D12A280ADA1950E471D900E03
                                                              SHA1:EDBA0E84C18B40EC64C5057D2CCDD2D99EB36FFC
                                                              SHA-256:8B667176F7BF54ECC5F8AB6A00FA7C1B119F77DE519237CA7E839857F50E81C0
                                                              SHA-512:EF8293CA3F9C7C9C20990FFB03FABE79BC0194D650096A76AC20F7B5AEA3CD7785A8AB12FE659021D4207C8FE57F5071FDEF7DAB7FD9589B7B9BEC84DFEBA821
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):5.202302598162962
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDigabatSuyEsfm+ZIa34Hkf3J86bV+FD4QA4Vq7NITPXYJ:stDPGKSuvsfZZXBbGUQxY7NIY
                                                              MD5:63DEB92D12A280ADA1950E471D900E03
                                                              SHA1:EDBA0E84C18B40EC64C5057D2CCDD2D99EB36FFC
                                                              SHA-256:8B667176F7BF54ECC5F8AB6A00FA7C1B119F77DE519237CA7E839857F50E81C0
                                                              SHA-512:EF8293CA3F9C7C9C20990FFB03FABE79BC0194D650096A76AC20F7B5AEA3CD7785A8AB12FE659021D4207C8FE57F5071FDEF7DAB7FD9589B7B9BEC84DFEBA821
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):83572
                                                              Entropy (8bit):5.663979673089071
                                                              Encrypted:false
                                                              SSDEEP:1536:GL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:GL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                              MD5:DF1854C15C9C1C14B6343FE5D6CD82C0
                                                              SHA1:729DABC972E42156EBCFC4EF4EBA1518B4B08566
                                                              SHA-256:434F16BFB2B335BA57C22446B650A25E71E92D9F36A81445F5490DCA225FDCA5
                                                              SHA-512:02C108AFD5BFEC5A4C0E9384C1E3633FD17172ED554DD9E1BD73F33A0FB88EEDFEC29C011FB11C7CD00B63E8E9048C52701923C51BE1941ACE0BE2CB443EA15A
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1... j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13370083117323135..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):309
                                                              Entropy (8bit):5.2450628220096425
                                                              Encrypted:false
                                                              SSDEEP:6:PhzgHM1CHhJ23oH+TcwtgctZQInvB2KLllhTFhq2PCHhJ23oH+TcwtgctZQInvIg:PhzuAYebgGZznvFLnhJhvBYebgGZznQg
                                                              MD5:8BF7404B5BD57CDC7E598AEDFAA4DF3E
                                                              SHA1:3A05BD32ED4927C102FC00568A3936614D599B01
                                                              SHA-256:2892E05A784686C7544B4643D5D301BF20657E31F5067F820E35B813029891F4
                                                              SHA-512:627A75D23E0FC1BA0389FAD666F504EF8736A5822FD58361B8C6F83CCEB7F96D0974BA6B672C662A700D41C2E11427645209D649BA5D9B3FCD9761CE25B0A355
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:35.377 1444 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/06-03:58:36.308 1444 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35272
                                                              Entropy (8bit):5.556657014827204
                                                              Encrypted:false
                                                              SSDEEP:768:55UAeVWPSsf4p8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNf8OirwLjW4ElqKp7tugr/:55UAeVWPSsf4pu1jakEOHLjbEUOthL
                                                              MD5:3D7F5768A1C5891E2C7072FBD14EE3A2
                                                              SHA1:2A5E169C945ACE0DE1A3E4237D0721EEC41877DE
                                                              SHA-256:8DCF7B9B55F0458882CAFA92CD613FE2315D19B713EB11FF9F5D700E48899CD6
                                                              SHA-512:4DB361B3D96E257405DCD847B9042DCC55305710DB0E6E4F6241365177F30A42A2DB99D5CA1EECCAB821B3C5373AC0CC825ED4B32CBA2FACD9A27DF7502BF272
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370083103747481","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370083103747481","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35272
                                                              Entropy (8bit):5.556657014827204
                                                              Encrypted:false
                                                              SSDEEP:768:55UAeVWPSsf4p8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNf8OirwLjW4ElqKp7tugr/:55UAeVWPSsf4pu1jakEOHLjbEUOthL
                                                              MD5:3D7F5768A1C5891E2C7072FBD14EE3A2
                                                              SHA1:2A5E169C945ACE0DE1A3E4237D0721EEC41877DE
                                                              SHA-256:8DCF7B9B55F0458882CAFA92CD613FE2315D19B713EB11FF9F5D700E48899CD6
                                                              SHA-512:4DB361B3D96E257405DCD847B9042DCC55305710DB0E6E4F6241365177F30A42A2DB99D5CA1EECCAB821B3C5373AC0CC825ED4B32CBA2FACD9A27DF7502BF272
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370083103747481","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370083103747481","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):440
                                                              Entropy (8bit):4.662034832862543
                                                              Encrypted:false
                                                              SSDEEP:12:S+a8ljljljljlm/UJRnd3+CPQ3JRndSnGz3A/XkAvkAvkAv:Ra0ZZZZm/Uznd3IzndSG0Xk8k8k8
                                                              MD5:2CD5B0EF2C4D20AE2280003A86CCDCE3
                                                              SHA1:432B548EDCBAE224C11D6D7055347F6569E650E4
                                                              SHA-256:1A4CB16B8CDB0600FC125533D4189E2B826F1EEA278F25869044D8A94E1141A0
                                                              SHA-512:BC09B7C989AFAA2B6997A14947A2E6F40C1946696DF4D0E3C45C39125FB93E8D991894964E8B670447587CD57D60DE16A96A96F67BD1C58A34932B628D2D89C6
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............rh..j................next-map-id.1.Knamespace-641b32d2_fda7_432a_b9a6_e08d4580d0d5-https://accounts.google.com/.0..=.k................next-map-id.2.Lnamespace-641b32d2_fda7_432a_b9a6_e08d4580d0d5-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.237604734427196
                                                              Encrypted:false
                                                              SSDEEP:6:PhPgoWOq2PCHhJ23oH+TcwtrQMxIFUt82hPguZZmw+2hPNFNzkwOCHhJ23oH+TcM:PhPkOvBYebCFUt82hPV/+2hPNrz56YeL
                                                              MD5:0E0913765101B4FA94B81937925320B3
                                                              SHA1:BCBA121D8CE614D8E4C3AA0BC8FECE1C63EEBF30
                                                              SHA-256:A0D689468EDA23C3609C72323E0F3C5B58F2A768356E898CA518C10C6FED21A7
                                                              SHA-512:83095BA321906F161771913C75D93ECC0BF7AE5744A6AA88AD0F2C0FA6B40AB1C47F833DEA44A3C59F0DD10EA9777BB44EDC324715E0FBE3ECD943EA11154530
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.764 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/06-03:58:24.767 1cd4 Recovering log #3.2024/09/06-03:58:24.912 1cd4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):7953
                                                              Entropy (8bit):4.167302362768768
                                                              Encrypted:false
                                                              SSDEEP:192:3YWHpYi1OdNx6JoMoW/aPJi3PPYUb/MPeX3PPYJWeA4e3jvoy:WdLdCPYUzPYc
                                                              MD5:1BE9AB670A64600FDB30FB392DB13BBC
                                                              SHA1:D4D451576FFC15287BABDBA63B58A0458B1EFA49
                                                              SHA-256:460ABE9FF47251E3BFA700E7151ECB740A7E353137FA819A567D113AF919B6D4
                                                              SHA-512:ABFB2F78B877590EC2F5F6564F54C64D0F7C6E6CD15ABEAC3C69183850D66B6CA6827C8770AECCB5B49ABB567CA7D8CB7E719B20E7F554F37A41D05F58516893
                                                              Malicious:false
                                                              Preview:SNSS........2.;............2.;......".2.;............2.;........2.;........2.;........2.;....!...2.;................................2.;.2.;1..,....2.;$...641b32d2_fda7_432a_b9a6_e08d4580d0d5....2.;........2.;...............2.;....2.;........................2.;....................5..0....2.;&...{890D5FC3-0C4C-4214-A93A-B8E730A022A1}......2.;........2.;...............................2.;................2.;o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64..................2.;................2.;o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.44194574462308833
                                                              Encrypted:false
                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):352
                                                              Entropy (8bit):5.189032980415741
                                                              Encrypted:false
                                                              SSDEEP:6:Ph8DYyq2PCHhJ23oH+Tcwt7Uh2ghZIFUt82h8DO1Zmw+2h8DYRkwOCHhJ23oH+T8:Ph0dvBYebIhHh2FUt82h0O1/+2h0g560
                                                              MD5:414A62D1542EC40A2D8880A1571D3F6F
                                                              SHA1:7FF19869D02786080592DD075B314318E50B816A
                                                              SHA-256:A131C8CB12E9560BD4E96C55ACC3922B8F80C094B14053C4AC72E2917EAA6480
                                                              SHA-512:CBCC627B64737BB2152931F1F6240842FAB41E7820720D84900AAB0972C80B73184D2653E09337E8728F750FDA3B52F7499D5D32024574FEA57C57AE24CB6F21
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.792 1150 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/06-03:58:23.792 1150 Recovering log #3.2024/09/06-03:58:23.792 1150 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):434
                                                              Entropy (8bit):5.251082805556
                                                              Encrypted:false
                                                              SSDEEP:12:PhPmXZvBYebvqBQFUt82h6B/+2h6aNF56YebvqBvJ:8VBYebvZg8x2K6Yebvk
                                                              MD5:AA76FDCF1CC7071388BB995770B2C3A0
                                                              SHA1:8A9B707DB8F839ABFDCE8815809756368FDFEE98
                                                              SHA-256:82F1E5AECC58103327B0FFD5D524789C2B734068D72DA70532EC9EA2DFD5DDCE
                                                              SHA-512:3E0CDE7F272FBC12B5B49CA0528BE69DBDDC68E027D573601F6A4D7088A421EE3F0324E5890248828236B30942765D42D087777F67DABA45594575AE8594BC8F
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.923 1cf4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/06-03:58:25.093 1cf4 Recovering log #3.2024/09/06-03:58:25.102 1cf4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                              MD5:807419CA9A4734FEAF8D8563A003B048
                                                              SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                              SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                              SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.3886039372934488
                                                              Encrypted:false
                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                              MD5:807419CA9A4734FEAF8D8563A003B048
                                                              SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                              SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                              SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):80
                                                              Entropy (8bit):3.4921535629071894
                                                              Encrypted:false
                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):422
                                                              Entropy (8bit):5.268449420003336
                                                              Encrypted:false
                                                              SSDEEP:12:PhojIvBYebvqBZFUt82hkW9/+2hc56YebvqBaJ:i2BYebvyg8/F6YebvL
                                                              MD5:3946852A2F48A0EBE564A87F0B8A26ED
                                                              SHA1:5271D4D5F34649AFE93AE1EBE659C0437D6B218F
                                                              SHA-256:4E95DC965D59FF61CE5224F9490FE6BC8C60D1AC62DD5286A1DEFFD32E30FE42
                                                              SHA-512:33F0764CF49838CC78B3D461E173942A04520F44CF923D40C96F768008DEF3CA389D84D3F6518ED3856C4EFCA670EE8AA005103040D55164B2D1E321625BB244
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:41.482 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/06-03:58:41.483 1cd4 Recovering log #3.2024/09/06-03:58:41.486 1cd4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):422
                                                              Entropy (8bit):5.268449420003336
                                                              Encrypted:false
                                                              SSDEEP:12:PhojIvBYebvqBZFUt82hkW9/+2hc56YebvqBaJ:i2BYebvyg8/F6YebvL
                                                              MD5:3946852A2F48A0EBE564A87F0B8A26ED
                                                              SHA1:5271D4D5F34649AFE93AE1EBE659C0437D6B218F
                                                              SHA-256:4E95DC965D59FF61CE5224F9490FE6BC8C60D1AC62DD5286A1DEFFD32E30FE42
                                                              SHA-512:33F0764CF49838CC78B3D461E173942A04520F44CF923D40C96F768008DEF3CA389D84D3F6518ED3856C4EFCA670EE8AA005103040D55164B2D1E321625BB244
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:41.482 1cd4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/06-03:58:41.483 1cd4 Recovering log #3.2024/09/06-03:58:41.486 1cd4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):325
                                                              Entropy (8bit):5.272113826439483
                                                              Encrypted:false
                                                              SSDEEP:6:Ph8Jm3+q2PCHhJ23oH+TcwtpIFUt82h8JmXZmw+2h8R3VkwOCHhJ23oH+Tcwta/o:Ph3OvBYebmFUt82h3X/+2hOF56YebaUJ
                                                              MD5:A54A22F717062514B326B2738DDEC8B4
                                                              SHA1:F3FCFCE3BCFC72ABC14BD8417C9A165464CE7201
                                                              SHA-256:17D64C318DC39BF3515454AEDB9E560D3B0A7E61355665383C173D0366E7461E
                                                              SHA-512:81458E027B70DAC8FB543B2C812401B5AD9995648E5B34B0510539EE6D5CB54B209D3B2B1B7F25955721FC33C782C4B2B5F0006642D0B9916A93CDE5537FF133
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.798 ed8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/06-03:58:23.798 ed8 Recovering log #3.2024/09/06-03:58:23.799 ed8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):325
                                                              Entropy (8bit):5.272113826439483
                                                              Encrypted:false
                                                              SSDEEP:6:Ph8Jm3+q2PCHhJ23oH+TcwtpIFUt82h8JmXZmw+2h8R3VkwOCHhJ23oH+Tcwta/o:Ph3OvBYebmFUt82h3X/+2hOF56YebaUJ
                                                              MD5:A54A22F717062514B326B2738DDEC8B4
                                                              SHA1:F3FCFCE3BCFC72ABC14BD8417C9A165464CE7201
                                                              SHA-256:17D64C318DC39BF3515454AEDB9E560D3B0A7E61355665383C173D0366E7461E
                                                              SHA-512:81458E027B70DAC8FB543B2C812401B5AD9995648E5B34B0510539EE6D5CB54B209D3B2B1B7F25955721FC33C782C4B2B5F0006642D0B9916A93CDE5537FF133
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:23.798 ed8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/06-03:58:23.798 ed8 Recovering log #3.2024/09/06-03:58:23.799 ed8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):131072
                                                              Entropy (8bit):0.005567161523650777
                                                              Encrypted:false
                                                              SSDEEP:3:ImtVFe/l///mSl/R2E/tllu:IiVFGj1/tf
                                                              MD5:28D2A96821324762E3EEAC70AA28A2CD
                                                              SHA1:0A6CB304CA53D3E3B9CFAC0A756A1021DA426071
                                                              SHA-256:C0067F5FA28A62D363964B7A395FF04A8EA56D0B9D18150BCA65D05BF88CAEB6
                                                              SHA-512:E79D0644044BA497C3216899FF021B29CCA8799B607EFC8CDD13790D7BF3F4ED5D1203A2AB7C4D6055BEC16841400E0F3376DFE29936AA5EB501F89AF0D62E08
                                                              Malicious:false
                                                              Preview:VLnk.....?.........S{...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.2650340624719025
                                                              Encrypted:false
                                                              SSDEEP:384:KrJ/2qOB1nxCkMdtSAELyKOMq+8QTQKC+CVumLB:K0q+n0JH9ELyKOMq+8Q7mB
                                                              MD5:2587700C9FAE256DA369C409DFADDF21
                                                              SHA1:5F9BC7CE483DAD115C15A57656848F979528E1A7
                                                              SHA-256:5D35720D864346927CC71A526D5F55A58D28D16D7937C2C125C7619844EA8872
                                                              SHA-512:D35BC2B8357FB6C30D0FD0EA46510005CA1A68093E5DA93EC5219B6DB4EBD51AC65F7CDD18475725C837D09A72F54DAE9CE8863A843AE769CAAEAB524B626EA9
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                              Category:dropped
                                                              Size (bytes):14336
                                                              Entropy (8bit):1.416600127875731
                                                              Encrypted:false
                                                              SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgZ2RyBzDufcrhK2RyBzDuVxj/:ftSjGhp22iSZ4DfP4D2
                                                              MD5:EFD49ABBA0D080B1134592E89413BF7B
                                                              SHA1:6F76F7DCB569FAFDB5C295F3C98BB400E3E6C9AB
                                                              SHA-256:A61D472BCC5DDE9294F531A7EA8A91AAA3E8F4265B63D1F0E8E1E771DDE3DF67
                                                              SHA-512:631D9797D83813B43207C76F80FBFBDDACA241F14E9466A100852759BBF9800694C0C0BFCD2C3890D032268CB80030B6B15B177F5DC6A9C9206294E3BF598D6A
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.41235120905181716
                                                              Encrypted:false
                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13123
                                                              Entropy (8bit):5.277900774220444
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDiuabatSuyEsfm+ZIa34OTOgNoIkv3J86bV+FD4QA4Hf7NITPXYJ:stDPGQSuvsfZZXb6jbGUQxHf7NIY
                                                              MD5:FA1ECAB59278D93C028D7C22B637391F
                                                              SHA1:E7A47B7C7E6183B0F625C721748FE792BE704CD1
                                                              SHA-256:97EFDD4D4F2946B04AD463B9AD56DE27EB6DEF95BFDCC57E267387E8576EC3F9
                                                              SHA-512:528FEB7A3CF329931898FD6E2EEE6609A8D74FA06F0453989FB0B069EED5E8AA4744FA0998F7B8E5EAAF21F61F980307225380C0092E5CBA0F8A962761684C9A
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11755
                                                              Entropy (8bit):5.190465908239046
                                                              Encrypted:false
                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                              Malicious:false
                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12958
                                                              Entropy (8bit):5.28004224350092
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDiuabatSuyEsfm+ZIa34OTOgNoIkv3J86bV+FD4QA4wq7NITPXYJ:stDPGQSuvsfZZXb6jbGUQxr7NIY
                                                              MD5:E98CF692D85E8E13AD73A49288077B98
                                                              SHA1:250D4EC1BB8D7E525509781C16D7F6E996F88659
                                                              SHA-256:587C06D8989D483BF84FC8648F62EFA6E987BFE72A1E73D4A908B0F16305C195
                                                              SHA-512:E06373DE933E9659F6305BD304EEE06144340B1973BCAB4DE3AB5ECF1ABF3DAC89F120184E046FE019CB4BFF31AF74B87344B65EF2EAB41241D5CD080AFAC48D
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.3410017321959524
                                                              Encrypted:false
                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):38627
                                                              Entropy (8bit):5.554665729579766
                                                              Encrypted:false
                                                              SSDEEP:768:55UAeK7pLGLv3VWPSsfjp8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNf8OirwLjG4Elx:55UAeicv3VWPSsfjpu1jakEOHLjLEUOz
                                                              MD5:6BC2874714410F9F7B55503458049E06
                                                              SHA1:37A9EBE3FC219161D1273F416576884A3D817008
                                                              SHA-256:0252E7861CFBFE34F1EEBB2A96CF4F4B29320916A606590E0244367851158AFD
                                                              SHA-512:B3F33FC665F22D77101D66685447B11EEF7F0429CA62188535FBB3B6F27FB3AB3E0724A4B08EFE865B423AF290F1529B93415B5DBB78F2EE680891E74ABB2405
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370083103747481","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370083103747481","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12365
                                                              Entropy (8bit):5.206710296828101
                                                              Encrypted:false
                                                              SSDEEP:192:stDJ99QTryDiuabatSuyEsfm+ZIa34Hkv3J86bV+FD4QA4Vq7NITPXYJ:stDPGQSuvsfZZXJbGUQxY7NIY
                                                              MD5:85E0F0A752E2A0CF1396B55ED31DDA99
                                                              SHA1:1C9E538216C72F16C35B9732F8757AB0F2335493
                                                              SHA-256:588DE2A9689AFAEED405EED8F8BA2C6740E6F6CFAE9C9A1ACC15F61F78170ACB
                                                              SHA-512:35AC8F59A4DDE6CCB5EBA6B15B9F0A0859A3AD70D56DDA31ACE79580AFD42E532898ED34F0442C2D58C3831FD87CC2991010CA158846810BFE3B2A0797E7FA97
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370083104500963","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.11502684876358478
                                                              Encrypted:false
                                                              SSDEEP:12:WtCvctC3SpEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtQctICoPnnnnnnnnnnnnnnnvN3zd
                                                              MD5:9A6C53DE509786A24A6C90B6F3E30A7B
                                                              SHA1:CC5A222D920BAB57AEF1A3D14A27C23C3116CCDC
                                                              SHA-256:FDAA23DADA7B9DCB5FA0122F4422F526F08295B14A4D6B534939EC7B082B2907
                                                              SHA-512:96451AD7DBA01EDAB0CEB852D0BD8CC5D28B9854839DA7362708E4B81BC891B82026C75D3A3A5BE75A5B2DE1A8456877DC09DC6078672667943A4E0485B21F8A
                                                              Malicious:false
                                                              Preview:..-.............].......r+..4.K.XE6.:....#K,....-.............].......r+..4.K.XE6.:....#K,..........Y...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):383192
                                                              Entropy (8bit):1.08053630605413
                                                              Encrypted:false
                                                              SSDEEP:768:3odKw3UQ8WiTjKcR2SR2WTRMK1T2UR7e1f1URrF1kDUR+1VtS1dAURaEaS1nUR+Z:TkH56OcsSUWTqqLReO1/V0Vs3RvUBy
                                                              MD5:DA75F8EF0338584FC84A675414A6185F
                                                              SHA1:A829296A8B0191506FC2804F13B139F6D476280A
                                                              SHA-256:593834D204558C9A90F57C8EC1138AB163B72CFCFE15829FAB8EE6232BBFDF6C
                                                              SHA-512:9EE60ECB9CEB3D0E9EFCF75C381852E1A141385A45F61379A20D4A3AEE0EBE85D857791CD08FC2C4DF33F4816B40A0B53F88A3F7F820DBA5DB24A850DBCA95FF
                                                              Malicious:false
                                                              Preview:7....-...........XE6.:...,\...n..........XE6.:...^.J.~.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):514
                                                              Entropy (8bit):3.554139303285388
                                                              Encrypted:false
                                                              SSDEEP:6:/XntM+dll3sedhO38WrOuuuuuuuuuuuuZsedhOiUEEEE:lllc8zWrOuuuuuuuuuuuuS8pU
                                                              MD5:90A49F0071E65B7BB2CD9242DB181097
                                                              SHA1:00492C66431ED5951EBBC90A28437E4B5370F60A
                                                              SHA-256:7B57248777DABB08D58D74231971590108D4662EB5D1C49390CAC45584E5872E
                                                              SHA-512:7C3C7740FAA4E021A08D8081A0308DB636202DBD6FED6AEA5C292F4766A3EFA79230495FDE872752523C8EF7B7CA1FA714526F1CD2F743CB61774A8EC06A63AE
                                                              Malicious:false
                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1....0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............kh..0................39_config..........6.....n ...1V.e................V.e................V.e................V.e................V.e................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.223487754860116
                                                              Encrypted:false
                                                              SSDEEP:6:PhPfv34q2PCHhJ23oH+TcwtfrK+IFUt82hPmZmw+2hPakwOCHhJ23oH+TcwtfrUQ:PhPfAvBYeb23FUt82hPm/+2hPa56Yeb5
                                                              MD5:B069D382B978F0E05E9F8C3972071FA0
                                                              SHA1:C34B53E5B86745C6626D015344619A900C2CEDA1
                                                              SHA-256:F27E6AB7F08E9FA3FC95BAAAD21DBC994F34183BA8A8AB1EE4D8C80C4D707059
                                                              SHA-512:ACF2D9942754F950484A27184B6176F83E93A9F0B995D190514799F4B7337D65B7807FD0D6E6C645EB79B9473EEF52780B26F125F73E3908ECFE67369FD011FA
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.531 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/06-03:58:24.532 ba0 Recovering log #3.2024/09/06-03:58:24.532 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):321
                                                              Entropy (8bit):5.223487754860116
                                                              Encrypted:false
                                                              SSDEEP:6:PhPfv34q2PCHhJ23oH+TcwtfrK+IFUt82hPmZmw+2hPakwOCHhJ23oH+TcwtfrUQ:PhPfAvBYeb23FUt82hPm/+2hPa56Yeb5
                                                              MD5:B069D382B978F0E05E9F8C3972071FA0
                                                              SHA1:C34B53E5B86745C6626D015344619A900C2CEDA1
                                                              SHA-256:F27E6AB7F08E9FA3FC95BAAAD21DBC994F34183BA8A8AB1EE4D8C80C4D707059
                                                              SHA-512:ACF2D9942754F950484A27184B6176F83E93A9F0B995D190514799F4B7337D65B7807FD0D6E6C645EB79B9473EEF52780B26F125F73E3908ECFE67369FD011FA
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.531 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/06-03:58:24.532 ba0 Recovering log #3.2024/09/06-03:58:24.532 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):753
                                                              Entropy (8bit):4.037333775091125
                                                              Encrypted:false
                                                              SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvBs:G0nYUtypD3RUovhC+lvBOL+t3IvBs
                                                              MD5:C5675C35B320A0898802E1ECFD3476E8
                                                              SHA1:B6CA1C2EE1340662A7B495778416988006748327
                                                              SHA-256:8E60BB9B60A9A242D016CF5425FF3D76A94911F197B3E4AB08A417E39C2832A5
                                                              SHA-512:DAA3E9FADF4F69A88600460F48116E50BCE1C979E4AFA7114D1B8CCEC6626520CC3725D0BB845E0FCC8587A8690D4AC495C138AB1AAC2981CAEB9C485FA0CC67
                                                              Malicious:false
                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):339
                                                              Entropy (8bit):5.217186417803589
                                                              Encrypted:false
                                                              SSDEEP:6:PhPCSmAq2PCHhJ23oH+TcwtfrzAdIFUt82hPCSmhZmw+2hPCuDkwOCHhJ23oH+TC:PhPCSPvBYeb9FUt82hPCSC/+2hPCuD5L
                                                              MD5:5CE9012F45CD820138D0EC3FD4D5D6DE
                                                              SHA1:4CAB1584DD75FB588BD387F17CA63D807FE37FDA
                                                              SHA-256:76488390FB82FAB6C8AADC4DEC1116D455B908CAF7447623BD6AA8C7ECE18361
                                                              SHA-512:EF952A606EBC2C2980CCBB426F3324D24B342CA512A30C93222C0327A8E27059D543B0781D09B7ACDCD3535550C496A4697B40255B72458D33876503E64A13B1
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.527 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/06-03:58:24.527 ba0 Recovering log #3.2024/09/06-03:58:24.528 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):339
                                                              Entropy (8bit):5.217186417803589
                                                              Encrypted:false
                                                              SSDEEP:6:PhPCSmAq2PCHhJ23oH+TcwtfrzAdIFUt82hPCSmhZmw+2hPCuDkwOCHhJ23oH+TC:PhPCSPvBYeb9FUt82hPCSC/+2hPCuD5L
                                                              MD5:5CE9012F45CD820138D0EC3FD4D5D6DE
                                                              SHA1:4CAB1584DD75FB588BD387F17CA63D807FE37FDA
                                                              SHA-256:76488390FB82FAB6C8AADC4DEC1116D455B908CAF7447623BD6AA8C7ECE18361
                                                              SHA-512:EF952A606EBC2C2980CCBB426F3324D24B342CA512A30C93222C0327A8E27059D543B0781D09B7ACDCD3535550C496A4697B40255B72458D33876503E64A13B1
                                                              Malicious:false
                                                              Preview:2024/09/06-03:58:24.527 ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/06-03:58:24.527 ba0 Recovering log #3.2024/09/06-03:58:24.528 ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):120
                                                              Entropy (8bit):3.32524464792714
                                                              Encrypted:false
                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                              Malicious:false
                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):13
                                                              Entropy (8bit):2.7192945256669794
                                                              Encrypted:false
                                                              SSDEEP:3:NYLFRQI:ap2I
                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                              Malicious:false
                                                              Preview:117.0.2045.47
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44170
                                                              Entropy (8bit):6.090490931448009
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuCLmZt1tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynAtGhOxqQoRTuiVIos
                                                              MD5:A6EA78E1A821C62DE52473D7F7B064C9
                                                              SHA1:ED36228DC667AF9A6D2303B7973D0AA080CFF16C
                                                              SHA-256:4E54175F6D9040E8CF0A37F0A9839CCF39372D474F70BD87B04DBE495A898119
                                                              SHA-512:BB903CD34E650E6A87C5BD6786818F48B394C90E7ADDF4C10D70B7C17DC2ACFB2D2F1399DB271EF1FCE438D476E3186132DEBF9365F28BA1895F5239092B1E18
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5963118027796015
                                                              Encrypted:false
                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2031121
                                                              Entropy (8bit):4.001535139479347
                                                              Encrypted:false
                                                              SSDEEP:49152:LgPY2N/MR+DgVFIlq6hhN7X4VrgKk+lzlVSa4YVxeUOolPKRayAH09bnwBXQ0a/Z:i
                                                              MD5:7F4CBC7E09250B5D99FB95AE1BE8E67D
                                                              SHA1:689B2E06B3B98270B156048A8620DE7213C07A4F
                                                              SHA-256:DE95A59EAF1374E5D39D2E4D4BD06B6C81B19BB9AAF175580F595106639C3F74
                                                              SHA-512:0F8B8F190F656E208F6D5050909ED1A4BEB6D7C27EDD1AE77CFEB19F753A135CB8DAF93ED4139FEF27B53F83EA87B8B243465B15303DDBF1CE280EDAA700AFE6
                                                              Malicious:false
                                                              Preview:.........{ .*..{.....{. ...{aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2031121
                                                              Entropy (8bit):4.001535139479347
                                                              Encrypted:false
                                                              SSDEEP:49152:LgPY2N/MR+DgVFIlq6hhN7X4VrgKk+lzlVSa4YVxeUOolPKRayAH09bnwBXQ0a/Z:i
                                                              MD5:7F4CBC7E09250B5D99FB95AE1BE8E67D
                                                              SHA1:689B2E06B3B98270B156048A8620DE7213C07A4F
                                                              SHA-256:DE95A59EAF1374E5D39D2E4D4BD06B6C81B19BB9AAF175580F595106639C3F74
                                                              SHA-512:0F8B8F190F656E208F6D5050909ED1A4BEB6D7C27EDD1AE77CFEB19F753A135CB8DAF93ED4139FEF27B53F83EA87B8B243465B15303DDBF1CE280EDAA700AFE6
                                                              Malicious:false
                                                              Preview:.........{ .*..{.....{. ...{aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.3818353308528755
                                                              Encrypted:false
                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                              MD5:48324111147DECC23AC222A361873FC5
                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                              Malicious:false
                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35
                                                              Entropy (8bit):4.014438730983427
                                                              Encrypted:false
                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                              Malicious:false
                                                              Preview:{"forceServiceDetermination":false}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):50
                                                              Entropy (8bit):3.9904355005135823
                                                              Encrypted:false
                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                              Malicious:false
                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):575056
                                                              Entropy (8bit):7.999649474060713
                                                              Encrypted:true
                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                              Malicious:false
                                                              Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):86
                                                              Entropy (8bit):4.3751917412896075
                                                              Encrypted:false
                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                              MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                              SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                              SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                              SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                              Malicious:false
                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):44625
                                                              Entropy (8bit):6.0956869622596335
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kpkLmZCnyJRSK7TFbKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yntKoRTuiVIos
                                                              MD5:FFFBCEC4ED621CFEBC03C39CEEA0397B
                                                              SHA1:CEACA1849401B171FD41452679AA3C4FE5A98488
                                                              SHA-256:B8EA5C61C30000A8204A14F756091D95A694DD19CD88F52BF2F97D1FED01B4A2
                                                              SHA-512:636070CB1567D0B444FB54B728DEEB76DE5171576F7C1B0696CB2DFCC122D93E085C9148C83578D08EED529D67353A0338E5F4EB9118BF67823779412EB6E3EA
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):45981
                                                              Entropy (8bit):6.087571290581459
                                                              Encrypted:false
                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4jXn9LmZCnyCXSsPtedFabwzlrC1oowWE7RTupzKscDX/q:mMGQ5XMB0XDG1IoooRTuiC
                                                              MD5:D685D927E0E39FC7F29B78B548B5554A
                                                              SHA1:D8BFEB255D0303DB8CAF06586138418B48C1B3FD
                                                              SHA-256:C453282BAC4532D283A4C3AAA6FA5660129EC15F41D24BFF07A6985CAA9BEFB9
                                                              SHA-512:A5A20FF03EC7AD4D7C4C0B9A01E0D2059856584241E0E07EBE43E2B7A0C8250BB6E1EA17AA1BDEF59EDDAB4F5FF4E272B3ED5DB23FC7AD36A9B3EB4DF32B7B54
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2278
                                                              Entropy (8bit):3.8504297049768943
                                                              Encrypted:false
                                                              SSDEEP:48:uiTrlKxrgx6xl9Il8ufwgbGb+V2h6euI+hnUlyIb89d1rc:mjYxb4KDvIeUdbh
                                                              MD5:A0116F2B86AF6ED682EB5876D74DB75E
                                                              SHA1:9C51EBFAB15A1DB9A98CB009733FA0F973F4996A
                                                              SHA-256:383D6B0F6D10D55EA99CC2C46EF79BA65776DFAF5F07E65A4988CD3383F4EAB0
                                                              SHA-512:E3A47557857F307297CBFBEA3C817CFEA22228AF6EA0C351DA85B5C586B222B1C6E6C3F2BC38E3E36BFBB0EE90BC6D3CAAFF32AACCDA5E66F99953E95D14FA5C
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.J.3.8.D.o.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Y.J.f.R.L.7.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4622
                                                              Entropy (8bit):3.9967806982424583
                                                              Encrypted:false
                                                              SSDEEP:96:hYWG/fhFyjQvnAYg3Y+UrlPGaTkRD2CW0toI:h6ejQ/A2BRnkRD2CWmF
                                                              MD5:1E2583367C7A814E210AEA73CD164D59
                                                              SHA1:0DF3EF35B7ACC20B9C9FB58900D61749711CF1B1
                                                              SHA-256:1880C7B3AE0687C5846924567D692FB5214A4A8A2776C1062D984C5C5EF613EB
                                                              SHA-512:050493BF1EE23F012677487F9D15D156EA41EDFC7F827971EA294B6362483D89E506FCC05A6AB27BF047166EF7B4EA2CAF9A8CBC8E14D7439F3B3C4847D54B80
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".U.s.4.Z.1.j.I.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Y.J.f.R.L.7.
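The two files written by msedge.exe whose Preview reads {.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:. are UTF-16LE JSON: the report's Preview column prints one character per byte and replaces the zero high byte of each UTF-16 code unit with '.'. Inside each document, the value flagged "IsProtected":true starts with the base64 prefix AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA, which decodes to a 4-byte version field of 1, the GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB} that heads every Windows DPAPI (CryptProtectData) blob, and a master-key version of 1; the bytes after that are the master-key GUID. The snippet below is an added triage example, not code from the Joe Sandbox report or from Edge. It reproduces the Preview rendering, decodes the UTF-16LE text, and checks every InlineBytes value for the DPAPI header. The document it parses is constructed here to mirror the page's field names; only the first 24 bytes of the protected value come from the page, while the master-key GUID and the trailing bytes are made up.

```python
import base64
import json
import uuid

# Provider GUID found at offset 4 of every DPAPI (CryptProtectData) blob.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# The page's own base64 prefix for the value flagged IsProtected:true.
PAGE_BLOB_PREFIX_B64 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA"


def render_preview(raw: bytes) -> str:
    """Reproduce the report's Preview column: printable ASCII is kept, every
    other byte is shown as '.'. UTF-16LE text therefore reads 'T.B.D.a.t.a'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)


def decode_utf16_json(raw: bytes) -> dict:
    """Turn a UTF-16LE JSON file (with or without a BOM) into a dict."""
    text = raw.decode("utf-16-le")
    return json.loads(text.lstrip("\ufeff"))


def parse_dpapi_header(blob: bytes):
    """Return (version, masterkey_version, masterkey_guid) when the blob opens
    with the DPAPI header, otherwise None. Only the fixed header is parsed;
    everything after it is opaque without the writing user's master key."""
    if len(blob) < 40:
        return None
    version = int.from_bytes(blob[0:4], "little")
    if uuid.UUID(bytes_le=blob[4:20]) != DPAPI_PROVIDER_GUID:
        return None
    mk_version = int.from_bytes(blob[20:24], "little")
    mk_guid = uuid.UUID(bytes_le=blob[24:40])
    return version, mk_version, mk_guid


def find_dpapi_values(doc) -> list:
    """Walk a TBDataStoreObject-style document and return, for every
    InlineBytes node, (json_path, is_protected, dpapi_header_or_None)."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            if node.get("Type") == "InlineBytes" and isinstance(node.get("Value"), str):
                blob = base64.b64decode(node["Value"])
                hits.append((path, bool(node.get("IsProtected")), parse_dpapi_header(blob)))
            for key, child in node.items():
                walk(child, f"{path}/{key}")
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")

    walk(doc, "")
    return hits


# Constructed sample shaped like the page's Preview. The first 24 bytes of
# ResponseBytes are exactly what the page's prefix decodes to; the master-key
# GUID and the 32 trailing bytes are made up for this example.
FAKE_MASTERKEY_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
FAKE_BLOB = (b"\x01\x00\x00\x00" + DPAPI_PROVIDER_GUID.bytes_le
             + b"\x01\x00\x00\x00" + FAKE_MASTERKEY_GUID.bytes_le + b"\x00" * 32)
SAMPLE_DOC = {"TBDataStoreObject": {
    "Header": {"ObjectType": "TokenResponse", "SchemaVersionMajor": 2, "SchemaVersionMinor": 1},
    "ObjectData": {"SystemDefinedProperties": {
        "Status": {"Type": "InlineBytes", "IsProtected": False,
                   "Value": base64.b64encode(b"\x00\x00\x00\x00").decode()},
        "ResponseBytes": {"Type": "InlineBytes", "IsProtected": True,
                          "Value": base64.b64encode(FAKE_BLOB).decode()},
    }},
}}
SAMPLE_FILE = json.dumps(SAMPLE_DOC, separators=(",", ":")).encode("utf-16-le")

if __name__ == "__main__":
    print(render_preview(SAMPLE_FILE)[:80])
    for path, protected, header in find_dpapi_values(decode_utf16_json(SAMPLE_FILE)):
        print(path, "protected" if protected else "clear", header)
```

The Malicious:false verdict on these rows applies to the container, not to what the protected value holds. A DPAPI blob is not recoverable from the sandbox artifact alone: the master-key GUID the parser returns names the key file under the writing user's %APPDATA%\Microsoft\Protect\<SID>\ directory, and without that key and the user's logon secret the value stays opaque.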
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                              Category:dropped
                                                              Size (bytes):76326
                                                              Entropy (8bit):7.9961120748813075
                                                              Encrypted:true
                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                              MD5:01E352D35675990A139199DD86B38AAC
                                                              SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                              SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                              SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                              Malicious:false
                                                               Preview:
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                               Preview:
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                              Category:dropped
                                                              Size (bytes):206855
                                                              Entropy (8bit):7.983996634657522
                                                              Encrypted:false
                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                              Malicious:false
                                                               Preview:
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                               Preview:
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693860
                                                              Category:dropped
                                                              Size (bytes):524317
                                                              Entropy (8bit):7.998204787782041
                                                              Encrypted:true
                                                              SSDEEP:12288:Ufsjz/41X+NNnmEmnef0+9mf+x4AsLXZ+E70G8OlmP6:UUjzcnEmn4O+x4AsLXZbx8OJ
                                                              MD5:4BC509C6C4D3FFA068719B0EC5043CED
                                                              SHA1:DCE0BA68EB9003BF1BA13069E7D8F78D3734474A
                                                              SHA-256:1DFD6FDA4111FF8A2A9A5C4634781862380CCE830E2375B2BCDE55A6AEB3F596
                                                              SHA-512:5601973262EFA21926E5B7560707ED0E7CE9DBC16BCAEEE2CC13DB9BE106A35BB37134D27302D65B5082FBBFEA10094E581BF24379E0531F91192CC7C0E3A50D
                                                              Malicious:false
                                                               Preview:
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1420
                                                              Entropy (8bit):5.389356592467895
                                                              Encrypted:false
                                                              SSDEEP:24:YJxF5sQ5szAW01Rp5yK10YO5qv70VhQu5Fa0E1o5PH0spJ5M:YJxF5sQ5sEW01X5y60YO5qD0VH5Fa0+D
                                                              MD5:16BED942DED6847DAB4C6479E2B8127D
                                                              SHA1:53B48E8563536BDE8797D3B07CCB10DD40832365
                                                              SHA-256:D5346FA210688458A053262656018DBAFD067A03A30B0DA76D8E1A8C31B0AA54
                                                              SHA-512:1E3335BCC93BCF8F0CC51E0BBA7CFF7F3680DB3B050236E24DE1E5A86382A276F9814B00247A01138A827306EFA2D25B553205716D4EEB29D9D02CCE70771A89
                                                              Malicious:false
                                                              Preview:{"logTime": "1005/081724", "correlationVector":"2/PmMr7SOFFRIqTwW+HesJ","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"mBsci4p0IuAlecFQAh3IDU","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"EFCCE5F7ECC74238A0D17C500D8EB81C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083130", "correlationVector":"jkXXrPbML/1ucIa5c7okZ6","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083130", "correlationVector":"CECEB17551BE48CCBF3DD12E07118D84","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083241", "correlationVector":"WUtA7xoJfeUJPFSRRtPAng","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083242", "correlationVector":"B7F67C44DD3147F7BE748158D3F8E7B5","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083444", "correlationVector":"6kKZpL8SvSsrBcj/Fl+tva","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083445", "correlationVector":"94D95442
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.4593089050301797
                                                              Encrypted:false
                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                              Malicious:false
                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1753
                                                              Entropy (8bit):5.8889033066924155
                                                              Encrypted:false
                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                              Malicious:false
                                                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):9815
                                                              Entropy (8bit):6.1716321262973315
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):10388
                                                              Entropy (8bit):6.174387413738973
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):962
                                                              Entropy (8bit):5.698567446030411
                                                              Encrypted:false
                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                              Malicious:false
                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                              Category:dropped
                                                              Size (bytes):4982
                                                              Entropy (8bit):7.929761711048726
                                                              Encrypted:false
                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                              Malicious:false
                                                               Preview:
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):908
                                                              Entropy (8bit):4.512512697156616
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1285
                                                              Entropy (8bit):4.702209356847184
                                                              Encrypted:false
                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1244
                                                              Entropy (8bit):4.5533961615623735
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.867640976960053
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3107
                                                              Entropy (8bit):3.535189746470889
                                                              Encrypted:false
                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1389
                                                              Entropy (8bit):4.561317517930672
                                                              Encrypted:false
                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1763
                                                              Entropy (8bit):4.25392954144533
                                                              Encrypted:false
                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):930
                                                              Entropy (8bit):4.569672473374877
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):913
                                                              Entropy (8bit):4.947221919047
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):806
                                                              Entropy (8bit):4.815663786215102
                                                              Encrypted:false
                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):883
                                                              Entropy (8bit):4.5096240460083905
                                                              Encrypted:false
                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1031
                                                              Entropy (8bit):4.621865814402898
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1613
                                                              Entropy (8bit):4.618182455684241
                                                              Encrypted:false
                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):848
                                                              Entropy (8bit):4.494568170878587
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1425
                                                              Entropy (8bit):4.461560329690825
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                              Malicious:false
                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):961
                                                              Entropy (8bit):4.537633413451255
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):959
                                                              Entropy (8bit):4.570019855018913
                                                              Encrypted:false
                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):968
                                                              Entropy (8bit):4.633956349931516
                                                              Encrypted:false
                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):838
                                                              Entropy (8bit):4.4975520913636595
                                                              Encrypted:false
                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1305
                                                              Entropy (8bit):4.673517697192589
                                                              Encrypted:false
                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):911
                                                              Entropy (8bit):4.6294343834070935
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):939
                                                              Entropy (8bit):4.451724169062555
                                                              Encrypted:false
                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.622066056638277
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):972
                                                              Entropy (8bit):4.621319511196614
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):990
                                                              Entropy (8bit):4.497202347098541
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1658
                                                              Entropy (8bit):4.294833932445159
                                                              Encrypted:false
                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1672
                                                              Entropy (8bit):4.314484457325167
                                                              Encrypted:false
                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):935
                                                              Entropy (8bit):4.6369398601609735
                                                              Encrypted:false
                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1065
                                                              Entropy (8bit):4.816501737523951
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2771
                                                              Entropy (8bit):3.7629875118570055
                                                              Encrypted:false
                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):858
                                                              Entropy (8bit):4.474411340525479
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):954
                                                              Entropy (8bit):4.631887382471946
                                                              Encrypted:false
                                                              SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                              MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                              SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                              SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                              SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):899
                                                              Entropy (8bit):4.474743599345443
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2230
                                                              Entropy (8bit):3.8239097369647634
                                                              Encrypted:false
                                                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1160
                                                              Entropy (8bit):5.292894989863142
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3264
                                                              Entropy (8bit):3.586016059431306
                                                              Encrypted:false
                                                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                              MD5:83F81D30913DC4344573D7A58BD20D85
                                                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3235
                                                              Entropy (8bit):3.6081439490236464
                                                              Encrypted:false
                                                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3122
                                                              Entropy (8bit):3.891443295908904
                                                              Encrypted:false
                                                              SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                              MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                              SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                              SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                              SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1880
                                                              Entropy (8bit):4.295185867329351
                                                              Encrypted:false
                                                              SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                              MD5:8E16966E815C3C274EEB8492B1EA6648
                                                              SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                              SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                              SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1042
                                                              Entropy (8bit):5.3945675025513955
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                              MD5:F3E59EEEB007144EA26306C20E04C292
                                                              SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                              SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                              SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2535
                                                              Entropy (8bit):3.8479764584971368
                                                              Encrypted:false
                                                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                              MD5:E20D6C27840B406555E2F5091B118FC5
                                                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1028
                                                              Entropy (8bit):4.797571191712988
                                                              Encrypted:false
                                                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                              MD5:970544AB4622701FFDF66DC556847652
                                                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):934
                                                              Entropy (8bit):4.882122893545996
                                                              Encrypted:false
                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):963
                                                              Entropy (8bit):4.6041913416245
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1320
                                                              Entropy (8bit):4.569671329405572
                                                              Encrypted:false
                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):884
                                                              Entropy (8bit):4.627108704340797
                                                              Encrypted:false
                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):980
                                                              Entropy (8bit):4.50673686618174
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1941
                                                              Entropy (8bit):4.132139619026436
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1969
                                                              Entropy (8bit):4.327258153043599
                                                              Encrypted:false
                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1674
                                                              Entropy (8bit):4.343724179386811
                                                              Encrypted:false
                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1063
                                                              Entropy (8bit):4.853399816115876
                                                              Encrypted:false
                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1333
                                                              Entropy (8bit):4.686760246306605
                                                              Encrypted:false
                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1263
                                                              Entropy (8bit):4.861856182762435
                                                              Encrypted:false
                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1074
                                                              Entropy (8bit):5.062722522759407
                                                              Encrypted:false
                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):879
                                                              Entropy (8bit):5.7905809868505544
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1205
                                                              Entropy (8bit):4.50367724745418
                                                              Encrypted:false
                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):843
                                                              Entropy (8bit):5.76581227215314
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):912
                                                              Entropy (8bit):4.65963951143349
                                                              Encrypted:false
                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):11280
                                                              Entropy (8bit):5.754230909218899
                                                              Encrypted:false
                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                              Malicious:false
Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):854
                                                              Entropy (8bit):4.284628987131403
                                                              Encrypted:false
                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                              Malicious:false
                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2525
                                                              Entropy (8bit):5.417689528134667
                                                              Encrypted:false
                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                              Malicious:false
                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:HTML document, ASCII text
                                                              Category:dropped
                                                              Size (bytes):97
                                                              Entropy (8bit):4.862433271815736
                                                              Encrypted:false
                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                              Malicious:false
                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):95567
                                                              Entropy (8bit):5.4016395763198135
                                                              Encrypted:false
                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                              Malicious:false
                                                              Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):4.65176400421739
                                                              Encrypted:false
                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                              Malicious:false
                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):103988
                                                              Entropy (8bit):5.389407461078688
                                                              Encrypted:false
                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                              Malicious:false
                                                              Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                              Category:dropped
                                                              Size (bytes):453023
                                                              Entropy (8bit):7.997718157581587
                                                              Encrypted:true
                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                              MD5:85430BAED3398695717B0263807CF97C
                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                              Malicious:false
                                                              Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
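The hash, size and entropy fields of a dropped-file record are cheap to recompute when the file's full content is visible, as it is for the 24-byte JSON file above. The following script is an added example, not part of the Joe Sandbox report: it reproduces that file's bytes from the Preview field (an assumption that the preview is complete, which its 24-byte size supports), recomputes the "Entropy (8bit)" column as Shannon entropy in bits per byte, recomputes the MD5/SHA1/SHA-256/SHA-512 digests, and checks them against the reported values. The Encrypted flag is modelled with an assumed entropy threshold of 7.9 bits/byte; Joe Sandbox does not document its actual rule, so that part is a heuristic, not the tool's logic.

```python
import hashlib
import math

# Constructed from the report record above: the 24-byte JSON file dropped by
# firefox.exe, reproduced byte-for-byte from its Preview field. No trailing
# newline is included, which is consistent with the reported size of 24 bytes.
SAMPLE_BYTES = b'{"schema":6,"addons":[]}'

# Field values copied from the same report record.
REPORTED = {
    "size": 24,
    "entropy": 3.91829583405449,
    "md5": "3088F0272D29FAA42ED452C5E8120B08",
    "sha1": "C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23",
    "sha256": "D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06",
    "encrypted": False,
}

# Assumed threshold for deriving the "Encrypted" flag from entropy alone.
# Joe Sandbox does not publish its rule; 7.9 bits/byte is a common analyst
# heuristic for compressed or encrypted data (the zip above scores 7.9977).
ENCRYPTED_ENTROPY_THRESHOLD = 7.9


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, i.e. the report's 'Entropy (8bit)' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def describe(data: bytes) -> dict:
    """Recompute the size, entropy, digest and Encrypted fields of a record."""
    ent = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": ent,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
        "encrypted": ent >= ENCRYPTED_ENTROPY_THRESHOLD,
    }


def verify_record(data: bytes, reported: dict) -> dict:
    """Map each reported field to True if the recomputed value agrees with it."""
    actual = describe(data)
    result = {}
    for key, want in reported.items():
        got = actual[key]
        if isinstance(want, float):
            # The report prints entropy to 15 significant digits.
            result[key] = math.isclose(got, want, rel_tol=0, abs_tol=1e-9)
        else:
            result[key] = got == want
    return result


if __name__ == "__main__":
    for field, ok in verify_record(SAMPLE_BYTES, REPORTED).items():
        print(f"{field:9s} {'match' if ok else 'MISMATCH'}")
```

The same check applies to any record whose preview is complete; for the larger files only the size and the first bytes are visible, so there the digests have to be verified against the sandbox's downloadable artifact rather than the preview text.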
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.185849187264327
                                                              Encrypted:false
                                                              SSDEEP:768:0I4nvfwkXU4y6f4k4oB4a4IPN84I4/4uw4J424qF4g:0NPa45
                                                              MD5:6C3BE83A836C11F0781A28C5C276611E
                                                              SHA1:826B42D0E82A04A59A96150A478A9C63172B7506
                                                              SHA-256:FB38EDAD3460F248967331080F6C398248DBC215D16E4BAB3E31CE260E1176B7
                                                              SHA-512:EA67C9DF14F00A17C3044EE63DAFA9E7FA9A4B0F04A4D98CC19F2C9794D6D9A215323E13AD354AF60DE1F31288C565EE4455CFE3B9B8F2877DEF20A4151D4921
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{fc425cd7-ddd8-48c7-9e11-c0b9f650e5fa}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.185849187264327
                                                              Encrypted:false
                                                              SSDEEP:768:0I4nvfwkXU4y6f4k4oB4a4IPN84I4/4uw4J424qF4g:0NPa45
                                                              MD5:6C3BE83A836C11F0781A28C5C276611E
                                                              SHA1:826B42D0E82A04A59A96150A478A9C63172B7506
                                                              SHA-256:FB38EDAD3460F248967331080F6C398248DBC215D16E4BAB3E31CE260E1176B7
                                                              SHA-512:EA67C9DF14F00A17C3044EE63DAFA9E7FA9A4B0F04A4D98CC19F2C9794D6D9A215323E13AD354AF60DE1F31288C565EE4455CFE3B9B8F2877DEF20A4151D4921
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{fc425cd7-ddd8-48c7-9e11-c0b9f650e5fa}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1021904
                                                              Entropy (8bit):6.648417932394748
                                                              Encrypted:false
                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
• Filename: file.exe, Detection: malicious (listed 10 times, one entry per related analysis)
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):116
                                                              Entropy (8bit):4.968220104601006
                                                              Encrypted:false
                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                              Malicious:false
                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11697
                                                              Entropy (8bit):5.504700460970697
                                                              Encrypted:false
                                                              SSDEEP:192:NzaneRdkYbBp6znmUzaX/6aRiHKWPzDNBw8rT9mSl:NzEeUmUPnqmrwqw0
                                                              MD5:801EA9A24F7B5ECFE4F7FC981988F7B8
                                                              SHA1:A3E5EE054D25606419F6FB4070B36CD4E5AA0216
                                                              SHA-256:43FA9DBF96DE509AC47875E1AF755D29C0F0D1BCA3265276A42CCE97BD5E60D6
                                                              SHA-512:956700238292D46010EB776671EFBF565D61124087243F35EF632B3A3280D6DF29F5F270B70C0C39B562C76F8F24231A43583A72155ADAAA5ABD446BEC09E9CB
                                                              Malicious:false
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725616589);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725616589);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..u
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):493
                                                              Entropy (8bit):4.952484451444564
                                                              Encrypted:false
                                                              SSDEEP:12:YZFgd25xiRKfQIVHlW8cOlZGV1AQIYzvZcyBuLZYXNs7:YM2T4SlCOlZGV1AQIWZcy6ZYXNs7
                                                              MD5:C0F39F8A2BA89EB38307FCB4EA7E402D
                                                              SHA1:41174731839E7E976CFF8BCB7ADFE307596CA426
                                                              SHA-256:98C844B3D057E0D3CA8B0C7CE7958466C31923F27C9309FE9D304AB8B3C034AC
                                                              SHA-512:AB1855ECF21DDB3202F6B507956DDCFD5032387FB357649A50ED05781553E3FDA34D7A4A7A35A6ED97FEB1325BBFBE7199412DA08E0537EBDDBA0E0205D3088A
                                                              Malicious:false
                                                              Preview:{"type":"health","id":"2619574e-89e9-4415-9e51-850ac7544417","creationDate":"2024-09-06T09:57:01.735Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b"}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):493
                                                              Entropy (8bit):4.952484451444564
                                                              Encrypted:false
                                                              SSDEEP:12:YZFgd25xiRKfQIVHlW8cOlZGV1AQIYzvZcyBuLZYXNs7:YM2T4SlCOlZGV1AQIWZcy6ZYXNs7
                                                              MD5:C0F39F8A2BA89EB38307FCB4EA7E402D
                                                              SHA1:41174731839E7E976CFF8BCB7ADFE307596CA426
                                                              SHA-256:98C844B3D057E0D3CA8B0C7CE7958466C31923F27C9309FE9D304AB8B3C034AC
                                                              SHA-512:AB1855ECF21DDB3202F6B507956DDCFD5032387FB357649A50ED05781553E3FDA34D7A4A7A35A6ED97FEB1325BBFBE7199412DA08E0537EBDDBA0E0205D3088A
                                                              Malicious:false
                                                              Preview:{"type":"health","id":"2619574e-89e9-4415-9e51-850ac7544417","creationDate":"2024-09-06T09:57:01.735Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b"}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):53
                                                              Entropy (8bit):4.136624295551173
                                                              Encrypted:false
                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                              Malicious:false
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                              Category:dropped
                                                              Size (bytes):271
                                                              Entropy (8bit):5.478666647951746
                                                              Encrypted:false
                                                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3SIgCLui6tVVqNzdDdCQ:vLz2S+EWDDoWqC+bfPK3446Vwd9
                                                              MD5:08C0630BEC4FAD7552047CED45EF3AD1
                                                              SHA1:740B6DE20AC9CA53749C48E4AB4EEFB8FAE02719
                                                              SHA-256:80EF3611AC88B481F1C50BCA7D4D8849F200880AADF372B50C9AFA79EA4F3E39
                                                              SHA-512:C80AA2EB822D9586D4D5F4EFDBD671F6DD295DBACBF48A53604BD0014AFDE419CD21BF9B6F0C6F2FE706AF30F025FFC8E48C654D50A2195707986AE4656580C2
                                                              Malicious:false
                                                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725616578303,"startTim...#56867,"recentCrashes":0},"global":{},"cookies":[]}
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.579599895478989
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:file.exe
                                                              File size:917'504 bytes
                                                              MD5:9720060a0108d1a36b6f051e31353414
                                                              SHA1:b76f37758bddb8c2c42a640c4ebf395fb48b4375
                                                              SHA256:e00ec3523cb3f1729f64dc91a3f37b9db418b0a48f8c3a50eaf4f5a064ce28cc
                                                              SHA512:7b649c39156361dedb9bb060052aaa04163ad18c2751bbb489a3226eca77c4048409ca94a4c8942d5d840b5085376fcd41b7252e1a9eec9c983b90939f70bd51
                                                              SSDEEP:12288:9qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTa:9qDEvCTbMWu7rQYlBQcBiT6rprG8ava
                                                              TLSH:D5159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                              Icon Hash:aaf3e3e3938382a0
                                                              Entrypoint:0x420577
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66DAAAD0 [Fri Sep 6 07:10:08 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                              Instruction
                                                              call 00007FD8787F2913h
                                                              jmp 00007FD8787F221Fh
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007FD8787F23FDh
                                                              mov dword ptr [esi], 0049FDF0h
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                              mov dword ptr [ecx], 0049FDF0h
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007FD8787F23CAh
                                                              mov dword ptr [esi], 0049FE0Ch
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                              mov dword ptr [ecx], 0049FE0Ch
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              and dword ptr [eax], 00000000h
                                                              and dword ptr [eax+04h], 00000000h
                                                              push eax
                                                              mov eax, dword ptr [ebp+08h]
                                                              add eax, 04h
                                                              push eax
                                                              call 00007FD8787F4FBDh
                                                              pop ecx
                                                              pop ecx
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              lea eax, dword ptr [ecx+04h]
                                                              mov dword ptr [ecx], 0049FDD0h
                                                              push eax
                                                              call 00007FD8787F5008h
                                                              pop ecx
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              push eax
                                                              call 00007FD8787F4FF1h
                                                              test byte ptr [ebp+08h], 00000001h
                                                              pop ecx
                                                              Programming Language:
                                                              • [ C ] VS2008 SP1 build 30729
                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 01e4fe12bb23e20c88eaab2f497177db | False | 0.28125 | data | 5.162146776202969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | - | - | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
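The entropy and ZLIB complexity columns in the section and resource tables above are the two numbers an analyst reaches for to decide whether a section or resource holds plain data or a packed/encrypted blob, and they are easy to recompute on a local copy of a file. The block below is an added example (my code, not the report's or Joe Sandbox's). It assumes that ZLIB complexity means compressed size divided by raw size; that is an assumption about the report's metric, but it reproduces the report's figure for the RT_RCDATA entry: 0x7c6 = 1990 bytes that zlib cannot shrink come out as one stored block of 2001 bytes, and 2001/1990 = 1.0055276381909548. A ratio at or above 1.0 therefore means incompressible content, which for the three 0x14-byte RT_GROUP_ICON entries is just framing overhead, but for a 1990-byte RCDATA blob means already-compressed or encrypted data, consistent with the report's AutoIt finding, since the AutoIt compiler stores the script as an RCDATA resource. All function names, the sample buffers and the `pefile` helper (third-party package) are this example's own.

```python
"""Recompute the section/resource statistics shown in the report.

Added example, not code from the report. "ZLIB complexity" is assumed to
be compressed size / raw size; this matches the report's 1.0055 for the
0x7c6-byte RT_RCDATA resource (1990 bytes -> one stored zlib block of
2001 bytes, 2001 / 1990 = 1.00552763819...).
"""
import math
import random
import zlib
from collections import Counter
from typing import Dict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def zlib_complexity(data: bytes) -> float:
    """Compressed size / raw size (assumed definition). >= 1.0: incompressible."""
    if not data:
        return 0.0
    return len(zlib.compress(data)) / len(data)


def profile(data: bytes) -> Dict[str, float]:
    """Both metrics plus the size, in the shape the report's tables use."""
    return {"size": len(data),
            "entropy": shannon_entropy(data),
            "zlib_complexity": zlib_complexity(data)}


def looks_compressed_or_encrypted(data: bytes, ratio: float = 0.98) -> bool:
    """zlib cannot shrink bytes that are already compressed or encrypted."""
    return len(data) > 0 and zlib_complexity(data) >= ratio


def profile_pe_sections(path: str) -> Dict[str, Dict[str, float]]:
    """Same numbers for a real PE; needs the third-party 'pefile' package."""
    import pefile  # imported lazily so everything else runs without it
    pe = pefile.PE(path)
    return {s.Name.rstrip(b"\0").decode(errors="replace"): profile(s.get_data())
            for s in pe.sections}


# Constructed stand-ins for section contents (not bytes from the sample).
_rng = random.Random(1)
SAMPLES: Dict[str, bytes] = {
    "zero-filled (like a mostly empty .data)": b"\x00" * 0x4800,
    "random (like an encrypted payload)": bytes(_rng.getrandbits(8) for _ in range(0x7c6)),
    "repeated text (like an RT_STRING table)": b"Error: cannot open file\r\n" * 80,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        p = profile(blob)
        print(f"{name:42s} entropy={p['entropy']:.3f} "
              f"zlib={p['zlib_complexity']:.4f} "
              f"opaque={looks_compressed_or_encrypted(blob)}")
```

Compare the output against the tables: the report's .text at 6.67 bits/byte and ZLIB 0.57 is ordinary compiled code, .data at 0.58 bits/byte and ZLIB 0.04 is nearly empty, and anything that scores like the random sample (entropy near 8, ratio above 1) is the part worth carving out and inspecting.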
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
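Most of the "Contains functionality to ..." signatures at the top of the report can be reproduced statically from the import table above: the process-memory trio (OpenProcess, VirtualAllocEx, WriteProcessMemory), the listen/bind/accept set behind the "open a port and listen" signature, LogonUserW with CreateProcessAsUserW for "execute programs as a different user", BlockInput, keybd_event/mouse_event/SendInput, the clipboard set, IsDebuggerPresent, and the QueryPerformanceCounter/QueryPerformanceFrequency timing pair. The block below is an added example (my code, not Joe Sandbox's); the import names are copied from the table, while the rule labels and groupings are my own. Two caveats a practitioner should keep in mind: a compiled AutoIt script ships the whole AutoIt runtime, so this table describes what the interpreter can do and not what the embedded script actually calls; and because LoadLibraryA and GetProcAddress are imported, anything resolved at run time never appears here, so the static verdict is a lower bound.

```python
"""Static capability triage from a PE import table.

Added example, not part of the Joe Sandbox report. IMPORTS is a subset
copied from the report's DLL/Import table for file.exe; RULES are this
example's own API groups, worded after the report's signatures. A rule
only fires when every API in its group is imported, so a single common
call (OpenProcess on its own) does not produce a verdict.
"""
from typing import Dict, List, Set

# Constructed from the report's import table (subset, names unchanged).
IMPORTS: Dict[str, Set[str]] = {
    "KERNEL32.dll": {
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "ReadProcessMemory",
        "CreateProcessW", "ResumeThread", "IsDebuggerPresent", "GetProcessHeap",
        "QueryPerformanceCounter", "QueryPerformanceFrequency",
        "LoadLibraryA", "GetProcAddress", "DeviceIoControl",
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
    },
    "USER32.dll": {
        "BlockInput", "keybd_event", "mouse_event", "SendInput",
        "GetAsyncKeyState", "GetKeyState", "OpenClipboard", "GetClipboardData",
        "SetClipboardData", "EmptyClipboard", "ExitWindowsEx",
    },
    "ADVAPI32.dll": {
        "LogonUserW", "CreateProcessAsUserW", "CreateProcessWithLogonW",
        "OpenProcessToken", "AdjustTokenPrivileges", "InitiateSystemShutdownExW",
    },
    "WSOCK32.dll": {"socket", "bind", "listen", "accept", "connect", "send", "recv"},
}

# Labels are this example's own; each set is the minimum the behaviour needs.
RULES: Dict[str, Set[str]] = {
    "write into another process": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
    "classic CreateRemoteThread injection": {"OpenProcess", "VirtualAllocEx",
                                             "WriteProcessMemory", "CreateRemoteThread"},
    "create process then resume it": {"CreateProcessW", "ResumeThread"},
    "listen for incoming connection": {"socket", "bind", "listen", "accept"},
    "launch process as different user": {"LogonUserW", "CreateProcessAsUserW"},
    "block mouse and keyboard input": {"BlockInput"},
    "simulate keystrokes / mouse": {"keybd_event", "mouse_event", "SendInput"},
    "read clipboard": {"OpenClipboard", "GetClipboardData"},
    "modify clipboard": {"OpenClipboard", "EmptyClipboard", "SetClipboardData"},
    "query pressed keys": {"GetAsyncKeyState", "GetKeyState"},
    "debugger check": {"IsDebuggerPresent"},
    "execution timing": {"QueryPerformanceCounter", "QueryPerformanceFrequency"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "shutdown / reboot": {"ExitWindowsEx", "InitiateSystemShutdownExW"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
}


def imported_apis(imports: Dict[str, Set[str]]) -> Set[str]:
    """Every imported function name, regardless of the providing DLL."""
    return {api for apis in imports.values() for api in apis}


def classify(imports: Dict[str, Set[str]],
             rules: Dict[str, Set[str]] = RULES) -> Dict[str, List[str]]:
    """Map each fully satisfied rule to the sorted APIs that satisfied it."""
    present = imported_apis(imports)
    return {cap: sorted(apis) for cap, apis in rules.items() if apis <= present}


def missing_for(imports: Dict[str, Set[str]], capability: str,
                rules: Dict[str, Set[str]] = RULES) -> List[str]:
    """APIs a rule still lacks; explains why a capability was not flagged."""
    return sorted(rules[capability] - imported_apis(imports))


def providers(imports: Dict[str, Set[str]], api: str) -> List[str]:
    """DLLs that supply an imported name (an unexpected provider is a red flag)."""
    return sorted(dll for dll, apis in imports.items() if api in apis)


if __name__ == "__main__":
    for cap, apis in classify(IMPORTS).items():
        print(f"{cap:38s} <- {', '.join(apis)}")
    print("not flagged, missing:",
          missing_for(IMPORTS, "classic CreateRemoteThread injection"))
```

Note what stays silent: the table has WriteProcessMemory and VirtualAllocEx but no CreateRemoteThread, so the rule requiring all four does not fire, and `missing_for` names the gap. CreateProcessW plus ResumeThread is the static footprint behind the report's dynamic "Creates a process in suspended mode" finding, but the CREATE_SUSPENDED flag is an argument, so only execution can confirm it.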
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 6, 2024 09:58:16.784269094 CEST | 49676 | 443 | 192.168.2.8 | 52.182.143.211
Sep 6, 2024 09:58:17.299762011 CEST | 49673 | 443 | 192.168.2.8 | 23.206.229.226
Sep 6, 2024 09:58:17.659190893 CEST | 49672 | 443 | 192.168.2.8 | 23.206.229.226
Sep 6, 2024 09:58:18.049743891 CEST | 49671 | 443 | 192.168.2.8 | 204.79.197.203
Sep 6, 2024 09:58:18.377921104 CEST | 49677 | 80 | 192.168.2.8 | 192.229.211.108
Sep 6, 2024 09:58:26.385337114 CEST | 49676 | 443 | 192.168.2.8 | 52.182.143.211
Sep 6, 2024 09:58:26.457849026 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:26.457889080 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:26.457962036 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:26.534025908 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:26.534049988 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:26.901561975 CEST | 49673 | 443 | 192.168.2.8 | 23.206.229.226
Sep 6, 2024 09:58:27.298621893 CEST | 49672 | 443 | 192.168.2.8 | 23.206.229.226
Sep 6, 2024 09:58:28.364108086 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.364620924 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.364638090 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.365883112 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.365947008 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.367558956 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.367639065 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.367721081 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.367727995 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.438551903 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.598171949 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.598254919 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.600431919 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.757131100 CEST | 49707 | 443 | 192.168.2.8 | 94.245.104.56
Sep 6, 2024 09:58:28.757148027 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.8
Sep 6, 2024 09:58:28.957104921 CEST | 443 | 49704 | 23.206.229.226 | 192.168.2.8
Sep 6, 2024 09:58:28.957185984 CEST | 49704 | 443 | 192.168.2.8 | 23.206.229.226
Sep 6, 2024 09:58:29.136282921 CEST | 49677 | 80 | 192.168.2.8 | 192.229.211.108
Sep 6, 2024 09:58:29.896660089 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:29.896667957 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:29.896723986 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:29.897602081 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:29.897609949 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.617536068 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.617877007 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.617886066 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.618278980 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.618299007 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.618371010 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.618376970 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.618402004 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.618417025 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.619033098 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.620873928 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.620938063 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.621051073 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.621058941 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.702960014 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.881027937 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.881064892 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.881162882 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.881181955 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.883693933 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.884494066 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.884500980 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.890039921 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.890134096 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.890144110 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.896275997 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.896322966 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.896330118 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.902695894 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.903688908 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.903697014 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.909626961 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.909687042 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.909694910 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.915050030 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.915122986 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.915129900 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.921488047 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.921569109 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.921576977 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.930222034 CEST | 49730 | 443 | 192.168.2.8 | 162.159.61.3
Sep 6, 2024 09:58:30.930259943 CEST | 443 | 49730 | 162.159.61.3 | 192.168.2.8
Sep 6, 2024 09:58:30.930464983 CEST | 49731 | 443 | 192.168.2.8 | 172.64.41.3
Sep 6, 2024 09:58:30.930464983 CEST | 49730 | 443 | 192.168.2.8 | 162.159.61.3
Sep 6, 2024 09:58:30.930475950 CEST | 443 | 49731 | 172.64.41.3 | 192.168.2.8
Sep 6, 2024 09:58:30.930681944 CEST | 49731 | 443 | 192.168.2.8 | 172.64.41.3
Sep 6, 2024 09:58:30.930840969 CEST | 49731 | 443 | 192.168.2.8 | 172.64.41.3
Sep 6, 2024 09:58:30.930850029 CEST | 443 | 49731 | 172.64.41.3 | 192.168.2.8
Sep 6, 2024 09:58:30.930978060 CEST | 49730 | 443 | 192.168.2.8 | 162.159.61.3
Sep 6, 2024 09:58:30.930984020 CEST | 443 | 49730 | 162.159.61.3 | 192.168.2.8
Sep 6, 2024 09:58:30.967634916 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.967725992 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.967734098 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.969710112 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.969800949 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.969805956 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.976126909 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.976201057 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.976208925 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.982186079 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.982259989 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.982266903 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.988555908 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.988609076 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.988620043 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.994843006 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:30.994904995 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:30.994910955 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.000932932 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.001033068 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:31.001039982 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.009850025 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.009898901 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:31.009927034 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.013603926 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.016479015 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:31.016494989 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.019417048 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.019537926 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:31.019547939 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.025255919 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.025343895 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
Sep 6, 2024 09:58:31.025352001 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.030514956 CEST | 443 | 49724 | 216.58.206.33 | 192.168.2.8
Sep 6, 2024 09:58:31.030570030 CEST | 49724 | 443 | 192.168.2.8 | 216.58.206.33
                                                              Sep 6, 2024 09:58:31.030575991 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.036000967 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.036134005 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.036139965 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.041469097 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.041629076 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.041635036 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.046840906 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.046916962 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.046922922 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.052292109 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.052457094 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.052464008 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.057732105 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.057836056 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.057841063 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.062330961 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.062382936 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.062390089 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.065529108 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.065583944 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.065591097 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.069190979 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.069242954 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.069253922 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.072742939 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.072802067 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.072809935 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.076323986 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.076385975 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.076390982 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.079618931 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.079670906 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.079677105 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.083062887 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.083359957 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.083365917 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.086582899 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.090042114 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.090071917 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.093260050 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.093267918 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.093496084 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.094338894 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.094345093 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.097043037 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.098221064 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.098229885 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.100496054 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.103918076 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.103955030 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.107367039 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.107394934 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.110827923 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.114303112 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.114893913 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.114902973 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.117822886 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.121161938 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.124608040 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.125915051 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.125924110 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.127916098 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.131304026 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.141360998 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.141380072 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.141388893 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.153412104 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.153440952 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.153454065 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.153475046 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.153506994 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.153717995 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.153763056 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.153815985 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.156431913 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.159271002 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.159341097 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.159419060 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.170247078 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.176529884 CEST49724443192.168.2.8216.58.206.33
                                                              Sep 6, 2024 09:58:31.176548958 CEST44349724216.58.206.33192.168.2.8
                                                              Sep 6, 2024 09:58:31.221425056 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.221465111 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.222798109 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.223426104 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.223440886 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.388272047 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.389508963 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.389518976 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.390547991 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.391868114 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.393006086 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.393057108 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.393132925 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.413913012 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.418401957 CEST49730443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:31.418411970 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.419526100 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.424494028 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.434619904 CEST49730443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:31.436244965 CEST49730443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:31.436358929 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.436407089 CEST49730443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:31.436501980 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.476495981 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.495201111 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.495210886 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.510628939 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.512502909 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.514756918 CEST49731443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.514765978 CEST44349731172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.542151928 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.544399023 CEST49730443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:31.547745943 CEST49730443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:31.547756910 CEST44349730162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.696542025 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.698872089 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.698887110 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.699932098 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.700025082 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.712769985 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.712831974 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.712922096 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.756504059 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.842034101 CEST49735443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.842068911 CEST44349735172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.842237949 CEST49736443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.842247009 CEST44349736172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.842757940 CEST49735443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.842880964 CEST49736443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.843097925 CEST49736443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.843110085 CEST44349736172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.843214035 CEST49735443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.843220949 CEST44349735172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.873264074 CEST49737443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.873296976 CEST44349737172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.876368046 CEST49737443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.876693964 CEST49737443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.876703978 CEST44349737172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:31.902293921 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:31.902312040 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.008044004 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.025502920 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.043179035 CEST49732443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.043205023 CEST44349732172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.191916943 CEST49737443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.192313910 CEST49738443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.192357063 CEST44349738172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.192811012 CEST49738443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.193331003 CEST49738443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.193341970 CEST44349738172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.193783998 CEST49735443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.193783998 CEST49736443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.236502886 CEST44349737172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.240498066 CEST44349736172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.240514040 CEST44349735172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.952703953 CEST49739443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.952752113 CEST44349739172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.952919960 CEST49740443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.952955008 CEST44349740172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.952997923 CEST49741443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.953011990 CEST44349741172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.953151941 CEST49742443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.953160048 CEST44349742172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.953332901 CEST49743443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.953355074 CEST44349743172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.953418016 CEST49744443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.953450918 CEST44349744172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.959719896 CEST49740443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.959719896 CEST49739443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.959719896 CEST49741443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.959719896 CEST49743443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.959719896 CEST49742443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.959827900 CEST49744443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960156918 CEST49744443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960179090 CEST44349744172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.960319042 CEST49743443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960335970 CEST44349743172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.960403919 CEST49742443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960419893 CEST44349742172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.960500002 CEST49741443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960514069 CEST44349741172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.960603952 CEST49740443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960613012 CEST44349740172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:32.960767031 CEST49739443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:32.960777998 CEST44349739172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.061942101 CEST49745443192.168.2.8184.28.90.27
                                                              Sep 6, 2024 09:58:33.061971903 CEST44349745184.28.90.27192.168.2.8
                                                              Sep 6, 2024 09:58:33.063055038 CEST49745443192.168.2.8184.28.90.27
                                                              Sep 6, 2024 09:58:33.067171097 CEST49745443192.168.2.8184.28.90.27
                                                              Sep 6, 2024 09:58:33.067194939 CEST44349745184.28.90.27192.168.2.8
                                                              Sep 6, 2024 09:58:33.229684114 CEST49751443192.168.2.813.107.246.57
                                                              Sep 6, 2024 09:58:33.229702950 CEST4434975113.107.246.57192.168.2.8
                                                              Sep 6, 2024 09:58:33.229820967 CEST49751443192.168.2.813.107.246.57
                                                              Sep 6, 2024 09:58:33.230201006 CEST49752443192.168.2.813.107.246.57
                                                              Sep 6, 2024 09:58:33.230207920 CEST4434975213.107.246.57192.168.2.8
                                                              Sep 6, 2024 09:58:33.230434895 CEST49751443192.168.2.813.107.246.57
                                                              Sep 6, 2024 09:58:33.230444908 CEST4434975113.107.246.57192.168.2.8
                                                              Sep 6, 2024 09:58:33.230839968 CEST49752443192.168.2.813.107.246.57
                                                              Sep 6, 2024 09:58:33.231132984 CEST49752443192.168.2.813.107.246.57
                                                              Sep 6, 2024 09:58:33.231139898 CEST4434975213.107.246.57192.168.2.8
                                                              Sep 6, 2024 09:58:33.464615107 CEST49753443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:33.464667082 CEST4434975335.190.72.216192.168.2.8
                                                              Sep 6, 2024 09:58:33.464782953 CEST49753443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:33.470284939 CEST49753443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:33.470320940 CEST4434975335.190.72.216192.168.2.8
                                                              Sep 6, 2024 09:58:33.510293961 CEST44349738172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.510916948 CEST44349740172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.511445999 CEST49740443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:33.511461973 CEST44349740172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.511624098 CEST49738443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:33.511631966 CEST44349738172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.512022018 CEST44349738172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.512613058 CEST44349740172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:33.513169050 CEST49740443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:33.513315916 CEST49738443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:34.927535057 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.927565098 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:34.927684069 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.927690983 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:34.927969933 CEST49758443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.927994013 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:34.928162098 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.928172112 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.928459883 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.928459883 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.929591894 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.929603100 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:34.929801941 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.929817915 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:34.929893017 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.929902077 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:34.930010080 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:34.930016041 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.013479948 CEST804975634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:58:35.040915012 CEST44349755184.28.90.27192.168.2.8
                                                              Sep 6, 2024 09:58:35.040993929 CEST44349755184.28.90.27192.168.2.8
                                                              Sep 6, 2024 09:58:35.041058064 CEST49755443192.168.2.8184.28.90.27
                                                              Sep 6, 2024 09:58:35.042043924 CEST49755443192.168.2.8184.28.90.27
                                                              Sep 6, 2024 09:58:35.042066097 CEST44349755184.28.90.27192.168.2.8
                                                              Sep 6, 2024 09:58:35.042079926 CEST49755443192.168.2.8184.28.90.27
                                                              Sep 6, 2024 09:58:35.042087078 CEST44349755184.28.90.27192.168.2.8
                                                              Sep 6, 2024 09:58:35.110153913 CEST4975680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:35.274918079 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.274969101 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.275105000 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.276525021 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.276537895 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.378422976 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.378851891 CEST49757443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.378871918 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.379220963 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.379581928 CEST49757443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.379637957 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.379750967 CEST49757443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.424496889 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.485779047 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.485850096 CEST49757443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.485881090 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.485913038 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.485972881 CEST49757443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.486972094 CEST49757443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.486993074 CEST4434975713.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.487375021 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.487411022 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.497095108 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.497520924 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.497531891 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.572921038 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.574594021 CEST49758443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.574624062 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.574985027 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.578092098 CEST49758443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.578161955 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.578268051 CEST49758443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.580868006 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.581002951 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.581100941 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.581120968 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.581253052 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.581265926 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.582164049 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.582228899 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.582402945 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.582655907 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.582655907 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.582704067 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.582705975 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.583029032 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.583112001 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.583206892 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.583214045 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.594552994 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.594847918 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.594882011 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.595879078 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.595932007 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.596095085 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.596402884 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.596415043 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.596422911 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.596452951 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.596556902 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.597538948 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.597858906 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.597858906 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.597927094 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.597971916 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.624504089 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.636801004 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.636815071 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.636854887 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.636879921 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.644490004 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.676018953 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.676209927 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.682030916 CEST49758443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.684839010 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.684937954 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.686707020 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.687108040 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.691775084 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.692043066 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.709666967 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.709728956 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.722892046 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.722954035 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.726439953 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.726448059 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.769452095 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.780424118 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.780452967 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.780888081 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.781928062 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.783854961 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.783871889 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.785326004 CEST49761443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.785351992 CEST4434976113.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.785686016 CEST49765443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.785717010 CEST4434976513.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.785989046 CEST49765443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.787281990 CEST49760443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.787291050 CEST4434976013.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.787504911 CEST49758443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.787539005 CEST4434975813.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.788069010 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.788134098 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.788180113 CEST49759443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.788201094 CEST4434975913.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.788460016 CEST49762443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.788465977 CEST4434976213.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.788527966 CEST49765443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:35.788543940 CEST4434976513.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:35.789613008 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.832501888 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.923602104 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.923645020 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.923671961 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.923727036 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.923749924 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.923757076 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.923785925 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.924554110 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.924576998 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.925347090 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.928450108 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.932698965 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.932717085 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:35.940215111 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:35.942755938 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:35.942801952 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:35.942905903 CEST49767443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:35.942960024 CEST44349767142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:35.951066017 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:35.951252937 CEST49767443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:35.951477051 CEST49767443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:35.951491117 CEST44349767142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:35.951596975 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:35.951608896 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.014029026 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014084101 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014113903 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014148951 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014175892 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014204979 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014233112 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014888048 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014925003 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.014956951 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.015352011 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.041033983 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:36.053134918 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:36.072668076 CEST49763443192.168.2.8142.250.80.78
                                                              Sep 6, 2024 09:58:36.072705030 CEST44349763142.250.80.78192.168.2.8
                                                              Sep 6, 2024 09:58:36.173887014 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.177057981 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.177069902 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.177486897 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.178353071 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.178354025 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.178422928 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.228466988 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.285347939 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.285448074 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.285623074 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.286556005 CEST49764443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.286578894 CEST4434976413.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.415143013 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.415433884 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.415452957 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.415818930 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.415831089 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.415909052 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.416564941 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.416635990 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.417910099 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.417984962 CEST44349766142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.418225050 CEST49766443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.419101000 CEST4434976513.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.419276953 CEST49765443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.419295073 CEST4434976513.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.419636011 CEST4434976513.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.420015097 CEST49765443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.420078039 CEST4434976513.107.246.40192.168.2.8
                                                              Sep 6, 2024 09:58:36.420213938 CEST49765443192.168.2.813.107.246.40
                                                              Sep 6, 2024 09:58:36.438581944 CEST44349767142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.439097881 CEST49767443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.439115047 CEST44349767142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.439460039 CEST44349767142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.439471960 CEST44349767142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.440171003 CEST44349767142.250.81.238192.168.2.8
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Sep 6, 2024 09:58:36.443161964 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.443171978 CEST  443          49767      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.443595886 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.443675041 CEST  443          49767      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.443903923 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.460505962 CEST  443          49765      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:36.464493036 CEST  443          49766      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.484576941 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.484622002 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:36.484724998 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.484915018 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.484926939 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:36.487977982 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.487989902 CEST  443          49767      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.517384052 CEST  443          49765      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:36.517461061 CEST  49765        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:36.517492056 CEST  443          49765      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:36.517503977 CEST  443          49765      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:36.518516064 CEST  49765        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:36.518838882 CEST  49765        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:36.518857002 CEST  443          49765      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:36.529522896 CEST  443          49766      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.535826921 CEST  49766        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.536417961 CEST  49766        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.536436081 CEST  443          49766      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.543035984 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.556838036 CEST  443          49767      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.556896925 CEST  443          49767      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.558044910 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.559529066 CEST  49767        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.559541941 CEST  443          49767      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.839732885 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.839780092 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.839855909 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.840066910 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.840085983 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.872278929 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.872323990 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.875955105 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.876177073 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:36.876199007 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:36.976351023 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:36.978084087 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.978104115 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:36.979233027 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:36.979648113 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.980951071 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.981050968 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:36.981142044 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:36.981153011 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:37.030824900 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:37.079858065 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:37.079896927 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:37.079951048 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:37.080065012 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:37.080271006 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:37.081721067 CEST  49768        443        192.168.2.8      142.250.80.68
Sep 6, 2024 09:58:37.081743956 CEST  443          49768      142.250.80.68    192.168.2.8
Sep 6, 2024 09:58:37.587394953 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.587667942 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.587693930 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.587807894 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.587977886 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.587995052 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.588067055 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.588129044 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.588366985 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.588458061 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.588938951 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.589001894 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.589051008 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.589107990 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.589190960 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.589257002 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.589283943 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.589344025 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.643660069 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.643687010 CEST  443          49769      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.643701077 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.643708944 CEST  443          49770      142.250.81.238   192.168.2.8
Sep 6, 2024 09:58:37.697056055 CEST  49769        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:37.697056055 CEST  49770        443        192.168.2.8      142.250.81.238
Sep 6, 2024 09:58:38.419469118 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:38.419512033 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:38.419646025 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:38.421019077 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:38.421030045 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:38.454793930 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:38.454833984 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:38.457876921 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:38.458409071 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:38.458424091 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:38.740057945 CEST  49704        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:38.740228891 CEST  49704        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:38.740590096 CEST  49775        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:38.740637064 CEST  443          49775      23.206.229.226   192.168.2.8
Sep 6, 2024 09:58:38.740705967 CEST  49775        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:38.741137981 CEST  49775        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:38.741158962 CEST  443          49775      23.206.229.226   192.168.2.8
Sep 6, 2024 09:58:38.744949102 CEST  443          49704      23.206.229.226   192.168.2.8
Sep 6, 2024 09:58:38.744991064 CEST  443          49704      23.206.229.226   192.168.2.8
Sep 6, 2024 09:58:39.040117025 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.040275097 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.042808056 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.042820930 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.043083906 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.095216990 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.113719940 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.114155054 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.114176035 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.114504099 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.114984989 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.114984989 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.115000963 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.115046024 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.159008980 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.164288044 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.200498104 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.221343040 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.221364021 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.221371889 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.221385002 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.221391916 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.221398115 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.224061966 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.224061966 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.224082947 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.224301100 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.308651924 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.308682919 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.309473038 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.309495926 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.309520960 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.309577942 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.310738087 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.310755014 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.311420918 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.311450005 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.311856985 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.324911118 CEST  443          49775      23.206.229.226   192.168.2.8
Sep 6, 2024 09:58:39.325292110 CEST  49775        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:39.362526894 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.362556934 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.362565041 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.362629890 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.362644911 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.362653017 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.366710901 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.366730928 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.366743088 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.366754055 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.367832899 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.395833969 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.395859957 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.395967007 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.395993948 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.396085978 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.397310972 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.397325993 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.397358894 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.397433043 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.397644043 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.397845984 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.398349047 CEST  49774        443        192.168.2.8      13.107.246.40
Sep 6, 2024 09:58:39.398380995 CEST  443          49774      13.107.246.40    192.168.2.8
Sep 6, 2024 09:58:39.404217005 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.404242039 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:39.404252052 CEST  49773        443        192.168.2.8      20.12.23.50
Sep 6, 2024 09:58:39.404258966 CEST  443          49773      20.12.23.50      192.168.2.8
Sep 6, 2024 09:58:44.426214933 CEST  49754        80         192.168.2.8      34.107.221.82
Sep 6, 2024 09:58:44.433221102 CEST  80           49754      34.107.221.82    192.168.2.8
Sep 6, 2024 09:58:45.027631998 CEST  49756        80         192.168.2.8      34.107.221.82
Sep 6, 2024 09:58:45.032612085 CEST  80           49756      34.107.221.82    192.168.2.8
Sep 6, 2024 09:58:48.420533895 CEST  443          49738      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.420610905 CEST  443          49738      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.420727968 CEST  49738        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:48.421117067 CEST  443          49740      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.421185970 CEST  443          49740      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.421281099 CEST  49740        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:48.423711061 CEST  443          49743      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.423774004 CEST  443          49743      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.424783945 CEST  49743        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:48.424935102 CEST  443          49742      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.424968958 CEST  443          49742      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.425117970 CEST  49742        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:48.430438995 CEST  443          49741      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.430502892 CEST  443          49741      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.430578947 CEST  49741        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:48.440953016 CEST  443          49744      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.441011906 CEST  443          49744      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.441103935 CEST  49744        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:48.441910028 CEST  443          49739      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.441979885 CEST  443          49739      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:48.442024946 CEST  49739        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136425018 CEST  49740        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136425018 CEST  49743        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136447906 CEST  443          49740      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:50.136451960 CEST  443          49743      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:50.136462927 CEST  49742        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136501074 CEST  443          49742      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:50.136513948 CEST  49741        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136518955 CEST  443          49741      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:50.136595964 CEST  49744        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136610985 CEST  49739        443        192.168.2.8      172.64.41.3
Sep 6, 2024 09:58:50.136616945 CEST  443          49739      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:50.136616945 CEST  443          49744      172.64.41.3      192.168.2.8
Sep 6, 2024 09:58:50.235848904 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.235889912 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.236079931 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.236290932 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.236310959 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.823297024 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.823658943 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.823688030 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.824937105 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.825016022 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.826114893 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.826184988 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.826292038 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.872498989 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.879889965 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.879911900 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.925559998 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.931416988 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.932317972 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.932326078 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.932359934 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.932372093 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.932389021 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:50.933175087 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.933861971 CEST  49776        443        192.168.2.8      152.195.19.97
Sep 6, 2024 09:58:50.933875084 CEST  443          49776      152.195.19.97    192.168.2.8
Sep 6, 2024 09:58:51.183469057 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.183478117 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.184009075 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.184009075 CEST  49779        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.184041977 CEST  443          49779      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.185627937 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.185643911 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.185698032 CEST  49779        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.185970068 CEST  49779        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.185986042 CEST  443          49779      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.642201900 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.642534018 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.642565966 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.642919064 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.643946886 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.644023895 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.644140959 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.662353992 CEST  443          49779      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.662749052 CEST  49779        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.662766933 CEST  443          49779      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.663160086 CEST  443          49779      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.663456917 CEST  49779        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.663526058 CEST  443          49779      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.687737942 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.687750101 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.728729963 CEST  49779        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.761473894 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.761557102 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:51.764051914 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.764282942 CEST  49778        443        192.168.2.8      162.159.61.3
Sep 6, 2024 09:58:51.764301062 CEST  443          49778      162.159.61.3     192.168.2.8
Sep 6, 2024 09:58:54.449855089 CEST  49754        80         192.168.2.8      34.107.221.82
Sep 6, 2024 09:58:54.454752922 CEST  80           49754      34.107.221.82    192.168.2.8
Sep 6, 2024 09:58:55.051590919 CEST  49756        80         192.168.2.8      34.107.221.82
Sep 6, 2024 09:58:55.056431055 CEST  80           49756      34.107.221.82    192.168.2.8
Sep 6, 2024 09:58:58.480415106 CEST  443          49775      23.206.229.226   192.168.2.8
Sep 6, 2024 09:58:58.485517025 CEST  49775        443        192.168.2.8      23.206.229.226
Sep 6, 2024 09:58:59.448489904 CEST  49781        443        192.168.2.8      35.244.181.201
Sep 6, 2024 09:58:59.448517084 CEST  443          49781      35.244.181.201   192.168.2.8
Sep 6, 2024 09:58:59.448746920 CEST  49781        443        192.168.2.8      35.244.181.201
Sep 6, 2024 09:58:59.448923111 CEST  49781        443        192.168.2.8      35.244.181.201
Sep 6, 2024 09:58:59.448931932 CEST  443          49781      35.244.181.201   192.168.2.8
Sep 6, 2024 09:58:59.463526011 CEST  49782        443        192.168.2.8      35.190.72.216
Sep 6, 2024 09:58:59.463550091 CEST  443          49782      35.190.72.216    192.168.2.8
Sep 6, 2024 09:58:59.463668108 CEST  49782        443        192.168.2.8      35.190.72.216
Sep 6, 2024 09:58:59.465096951 CEST  49782        443        192.168.2.8      35.190.72.216
Sep 6, 2024 09:58:59.465109110 CEST  443          49782      35.190.72.216    192.168.2.8
                                                              Sep 6, 2024 09:58:59.471029043 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.471060038 CEST4434978334.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.471389055 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.471539021 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.471551895 CEST4434978334.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.575356960 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:58:59.575398922 CEST4434978418.65.39.31192.168.2.8
                                                              Sep 6, 2024 09:58:59.575501919 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:58:59.575602055 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:58:59.575613976 CEST4434978418.65.39.31192.168.2.8
                                                              Sep 6, 2024 09:58:59.917594910 CEST4434978135.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:58:59.917759895 CEST49781443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:58:59.919310093 CEST4434978235.190.72.216192.168.2.8
                                                              Sep 6, 2024 09:58:59.919411898 CEST49782443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:59.921855927 CEST49781443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:58:59.921868086 CEST4434978135.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:58:59.922118902 CEST4434978135.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:58:59.926558971 CEST49781443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:58:59.926724911 CEST4434978135.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:58:59.926861048 CEST49781443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:58:59.926870108 CEST4434978135.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:58:59.927412033 CEST49781443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:58:59.928462982 CEST4975680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.929621935 CEST4975480192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.929651976 CEST49782443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:59.929677010 CEST4434978235.190.72.216192.168.2.8
                                                              Sep 6, 2024 09:58:59.929718018 CEST49782443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:59.929824114 CEST4434978235.190.72.216192.168.2.8
                                                              Sep 6, 2024 09:58:59.930121899 CEST49782443192.168.2.835.190.72.216
                                                              Sep 6, 2024 09:58:59.930609941 CEST4434978334.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.930773973 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.933432102 CEST804975634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:58:59.933517933 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.933532953 CEST4434978334.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.933677912 CEST4975680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.933795929 CEST4434978334.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.934521914 CEST804975434.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:58:59.936326981 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.936362028 CEST4975480192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.936474085 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.936557055 CEST4434978334.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.936964989 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.936969042 CEST49783443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.937004089 CEST4434978534.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.937114954 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.937293053 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:58:59.937303066 CEST4434978534.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:58:59.941679001 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.946386099 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:58:59.946485996 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.946633101 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:58:59.951941013 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.279679060 CEST4434978418.65.39.31192.168.2.8
                                                              Sep 6, 2024 09:59:00.279838085 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:59:00.283225060 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:59:00.283235073 CEST4434978418.65.39.31192.168.2.8
                                                              Sep 6, 2024 09:59:00.283507109 CEST4434978418.65.39.31192.168.2.8
                                                              Sep 6, 2024 09:59:00.285746098 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:59:00.285852909 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:59:00.285942078 CEST4434978418.65.39.31192.168.2.8
                                                              Sep 6, 2024 09:59:00.292887926 CEST49784443192.168.2.818.65.39.31
                                                              Sep 6, 2024 09:59:00.294714928 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.294753075 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.295015097 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.295136929 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.295150995 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.303942919 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.303972006 CEST4434978835.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.304054976 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.304075956 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.304085016 CEST4434978935.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.304161072 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.304188013 CEST4434978835.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.304428101 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.304518938 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.304528952 CEST4434978935.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.397656918 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.400037050 CEST4434978534.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:59:00.401051998 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:59:00.404194117 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:59:00.404201984 CEST4434978534.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:59:00.404448032 CEST4434978534.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:59:00.409084082 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:59:00.409188986 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:59:00.409286976 CEST4434978534.149.100.209192.168.2.8
                                                              Sep 6, 2024 09:59:00.410631895 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:59:00.410814047 CEST49785443192.168.2.834.149.100.209
                                                              Sep 6, 2024 09:59:00.415039062 CEST4979080192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.419972897 CEST804979034.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.420048952 CEST4979080192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.420217037 CEST4979080192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.421047926 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.425173044 CEST804979034.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.425849915 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.516268969 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.517201900 CEST4979080192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.520103931 CEST4979180192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.524997950 CEST804979134.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.525067091 CEST4979180192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.525234938 CEST4979180192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.530137062 CEST804979134.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.563214064 CEST804979034.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.567507029 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.761456013 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.761538029 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.764605045 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.764611959 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.764868975 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.767267942 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.767431021 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.767471075 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.767478943 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.771954060 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.776746035 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.779129028 CEST4434978935.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.779192924 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.781965971 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.781972885 CEST4434978935.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.782207012 CEST4434978935.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.785372019 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.785459995 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.785516977 CEST4434978935.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.785588026 CEST49789443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.789652109 CEST804979034.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.789791107 CEST4979080192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.802350044 CEST4434978835.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.802412987 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.804997921 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.805006981 CEST4434978835.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.805242062 CEST4434978835.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.807596922 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.807667971 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.807753086 CEST4434978835.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.807929993 CEST49788443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:00.867539883 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.868262053 CEST4979180192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.871969938 CEST4979380192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.876791954 CEST804979334.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.876858950 CEST4979380192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.876976967 CEST4979380192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.881903887 CEST804979334.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.902168989 CEST804979134.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:00.902225018 CEST4979180192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.907269001 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:00.972496986 CEST4434978735.244.181.201192.168.2.8
                                                              Sep 6, 2024 09:59:00.972557068 CEST49787443192.168.2.835.244.181.201
                                                              Sep 6, 2024 09:59:01.336219072 CEST804979334.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:01.382046938 CEST4979380192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:06.572331905 CEST44349779162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:59:06.572432041 CEST44349779162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:59:06.572594881 CEST49779443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:59:08.141148090 CEST4970380192.168.2.8199.232.214.172
                                                              Sep 6, 2024 09:59:08.146523952 CEST8049703199.232.214.172192.168.2.8
                                                              Sep 6, 2024 09:59:08.147249937 CEST4970380192.168.2.8199.232.214.172
                                                              Sep 6, 2024 09:59:10.871162891 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:10.876152039 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:11.345453978 CEST4979380192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:11.350409985 CEST804979334.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:16.341581106 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:16.341612101 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:16.341722012 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:16.342084885 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:16.342099905 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.129198074 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.138734102 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.140073061 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.140084028 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.140443087 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.141422033 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.188498020 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.513717890 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.513756990 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.513775110 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.513906002 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.513931990 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.514120102 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.514914989 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.514962912 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.515013933 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.515022039 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.515049934 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.516371012 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.516391993 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:17.516406059 CEST49794443192.168.2.840.68.123.157
                                                              Sep 6, 2024 09:59:17.516412020 CEST4434979440.68.123.157192.168.2.8
                                                              Sep 6, 2024 09:59:20.888786077 CEST4978680192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:20.893618107 CEST804978634.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:21.358987093 CEST4979380192.168.2.834.107.221.82
                                                              Sep 6, 2024 09:59:21.363878965 CEST804979334.107.221.82192.168.2.8
                                                              Sep 6, 2024 09:59:22.653944016 CEST49769443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:22.653970957 CEST44349769142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:22.654036999 CEST49770443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:22.654045105 CEST44349770142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:25.645081997 CEST49779443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:59:25.645131111 CEST44349779162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:59:29.069163084 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.069207907 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.069284916 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.069547892 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.069560051 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.559524059 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.560045004 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.560074091 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.560419083 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.561681032 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.561775923 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.561867952 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.608494043 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.612454891 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.726200104 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.726284027 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.726555109 CEST49796443192.168.2.823.219.161.132
                                                              Sep 6, 2024 09:59:29.726582050 CEST4434979623.219.161.132192.168.2.8
                                                              Sep 6, 2024 09:59:29.726632118 CEST49796443192.168.2.823.219.161.132
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 6, 2024 09:58:35.293509960 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:35.293528080 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:35.295975924 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:35.510804892 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.511360884 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.511435986 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.511451960 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.511465073 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.511842966 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.512567997 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.512769938 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.612118006 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.612138987 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.612152100 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.612613916 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.640006065 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.649952888 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.650319099 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.650378942 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.650404930 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.656625986 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.665501118 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.665847063 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.665863991 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.665945053 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.669486046 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.669843912 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.748042107 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.768910885 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.820097923 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.820421934 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.841820955 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:35.841984034 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:35.846072912 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:35.938123941 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:35.939054966 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:35.939826965 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:35.941890955 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:35.945775986 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:35.951864004 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:36.077366114 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:36.253520966 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:36.378583908 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:36.378617048 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:36.379765987 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:36.380995035 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:36.380995035 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:36.384342909 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:36.482656002 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:36.483136892 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:36.483194113 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:36.483927011 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:36.487339973 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:36.538113117 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.839235067 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.981646061 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.981722116 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.982194901 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.988301992 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.988404989 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.988411903 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.988424063 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:36.988691092 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.989034891 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.990129948 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.990294933 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.990719080 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.990741014 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:36.995696068 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:37.084461927 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.084511042 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.085120916 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.085673094 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:37.090116978 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.090327024 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:37.100594044 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.100872040 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:37.102587938 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.104792118 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.104973078 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.105081081 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:37.132586002 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:37.199707031 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:37.442428112 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:37.442534924 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:37.546474934 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:37.787343979 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:37.787357092 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:37.787457943 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:37.787587881 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:37.787741899 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:37.788278103 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:37.788290024 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:37.789215088 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:37.828808069 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:37.834726095 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:37.875667095 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:37.887804031 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:37.888067007 CEST54121443192.168.2.8172.253.122.84
                                                              Sep 6, 2024 09:58:37.918406010 CEST44354121172.253.122.84192.168.2.8
                                                              Sep 6, 2024 09:58:44.546000957 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:44.550662994 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:44.645062923 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:44.680449009 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:44.681134939 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:44.681194067 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:44.681541920 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:44.711735964 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:58:44.802153111 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:58:50.137310028 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:50.137748957 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:50.232142925 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:50.233546972 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:50.233616114 CEST44353791172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:58:50.235153913 CEST53791443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:58:51.182919025 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.501336098 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.644486904 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.644505024 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.644516945 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.644653082 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.644665003 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.644926071 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.646459103 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.646568060 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.646833897 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.741724014 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.741749048 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.741758108 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.741765022 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.742232084 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.742363930 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.742655993 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.769929886 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:51.836397886 CEST44357515162.159.61.3192.168.2.8
                                                              Sep 6, 2024 09:58:51.863944054 CEST57515443192.168.2.8162.159.61.3
                                                              Sep 6, 2024 09:58:59.448673010 CEST6312653192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.456113100 CEST53631261.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.456653118 CEST5231253192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.462985039 CEST5041853192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.463835001 CEST53523121.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.469657898 CEST53504181.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.471333027 CEST5014953192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.478043079 CEST53501491.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.478598118 CEST6083353192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.485332966 CEST53608331.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.567361116 CEST5968053192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.574599981 CEST53596801.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.575541019 CEST5141953192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.582771063 CEST53514191.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.583226919 CEST5365853192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:58:59.590666056 CEST53536581.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:58:59.934154034 CEST5268553192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:59:06.218386889 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:06.264303923 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:06.342365026 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:06.343053102 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:06.343122959 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:06.378191948 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:06.380696058 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:06.380753040 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:06.383557081 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:06.415803909 CEST53326443192.168.2.8142.250.81.238
                                                              Sep 6, 2024 09:59:06.463530064 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:06.510900021 CEST44353326142.250.81.238192.168.2.8
                                                              Sep 6, 2024 09:59:07.221610069 CEST138138192.168.2.8192.168.2.255
                                                              Sep 6, 2024 09:59:28.309042931 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.309137106 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.309303999 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.309360981 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.766091108 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:28.766812086 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.794831991 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.866365910 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:28.866395950 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:28.866405964 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:28.866415024 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:28.866802931 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.866862059 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:28.966314077 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:28.966670990 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:29.067059994 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:29.068106890 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:29.068322897 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:29.068682909 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:29.930059910 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:29.930167913 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:30.030662060 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:30.030949116 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:30.031333923 CEST44358689172.64.41.3192.168.2.8
                                                              Sep 6, 2024 09:59:30.031621933 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:30.032790899 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.343513966 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.475033045 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.479142904 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.479243040 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.479288101 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.479350090 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.479659081 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.481494904 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.481661081 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.579382896 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.579405069 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.579417944 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.579428911 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:30.579829931 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.579951048 CEST57911443192.168.2.823.57.90.143
                                                              Sep 6, 2024 09:59:30.675626993 CEST4435791123.57.90.143192.168.2.8
                                                              Sep 6, 2024 09:59:31.024126053 CEST5460253192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:59:31.031033039 CEST53546021.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:59:31.032686949 CEST5589453192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:59:31.040004969 CEST53558941.1.1.1192.168.2.8
                                                              Sep 6, 2024 09:59:31.698312044 CEST5879553192.168.2.81.1.1.1
                                                              Sep 6, 2024 09:59:36.246455908 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:36.246583939 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:37.169996023 CEST58689443192.168.2.8172.64.41.3
                                                              Sep 6, 2024 09:59:37.211141109 CEST44358689172.64.41.3192.168.2.8
Sep 6, 2024 09:59:37.211589098 CEST | 443 | 58689 | 172.64.41.3 | 192.168.2.8
Sep 6, 2024 09:59:37.211826086 CEST | 443 | 58689 | 172.64.41.3 | 192.168.2.8
Sep 6, 2024 09:59:37.213573933 CEST | 58689 | 443 | 192.168.2.8 | 172.64.41.3
Sep 6, 2024 09:59:37.214543104 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.214653015 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.269428968 CEST | 443 | 58689 | 172.64.41.3 | 192.168.2.8
Sep 6, 2024 09:59:37.671649933 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.671727896 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.671742916 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.672764063 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.672842979 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.673129082 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.695552111 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.777515888 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.778045893 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.778347015 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.819540977 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.819578886 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.819590092 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:37.820518970 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.820765972 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.865565062 CEST | 50704 | 443 | 192.168.2.8 | 172.253.63.84
Sep 6, 2024 09:59:37.951359034 CEST | 443 | 50704 | 172.253.63.84 | 192.168.2.8
Sep 6, 2024 09:59:50.579376936 CEST | 443 | 57911 | 23.57.90.143 | 192.168.2.8
Sep 6, 2024 09:59:50.612096071 CEST | 57911 | 443 | 192.168.2.8 | 23.57.90.143
Sep 6, 2024 09:59:51.079063892 CEST | 443 | 57911 | 23.57.90.143 | 192.168.2.8
Sep 6, 2024 09:59:51.113430023 CEST | 57911 | 443 | 192.168.2.8 | 23.57.90.143
Sep 6, 2024 10:00:00.587867975 CEST | 443 | 57911 | 23.57.90.143 | 192.168.2.8
Sep 6, 2024 10:00:29.985008955 CEST | 57326 | 443 | 192.168.2.8 | 23.57.90.143
Sep 6, 2024 10:00:30.430342913 CEST | 443 | 57326 | 23.57.90.143 | 192.168.2.8
Sep 6, 2024 10:00:30.430417061 CEST | 443 | 57326 | 23.57.90.143 | 192.168.2.8
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Sep 6, 2024 09:58:31.513995886 CEST | 192.168.2.8 | 1.1.1.1 | c292 | (Port unreachable) | Destination Unreachable
Sep 6, 2024 09:58:33.061017990 CEST | 192.168.2.8 | 1.1.1.1 | c245 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 6, 2024 09:58:28.306557894 CEST | 192.168.2.8 | 1.1.1.1 | 0x6b8c | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:28.306986094 CEST | 192.168.2.8 | 1.1.1.1 | 0x76c5 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:29.831855059 CEST | 192.168.2.8 | 1.1.1.1 | 0xc9b | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:29.832117081 CEST | 192.168.2.8 | 1.1.1.1 | 0x1313 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:30.922420025 CEST | 192.168.2.8 | 1.1.1.1 | 0x8b4e | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:30.922575951 CEST | 192.168.2.8 | 1.1.1.1 | 0x32fb | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:30.922825098 CEST | 192.168.2.8 | 1.1.1.1 | 0x655b | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:30.923024893 CEST | 192.168.2.8 | 1.1.1.1 | 0xbd3 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:31.177336931 CEST | 192.168.2.8 | 1.1.1.1 | 0xedde | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:31.177488089 CEST | 192.168.2.8 | 1.1.1.1 | 0x8c9a | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:33.465940952 CEST | 192.168.2.8 | 1.1.1.1 | 0xeef4 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.474478006 CEST | 192.168.2.8 | 1.1.1.1 | 0x1018 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Sep 6, 2024 09:58:33.954065084 CEST | 192.168.2.8 | 1.1.1.1 | 0x8f2 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.962352991 CEST | 192.168.2.8 | 1.1.1.1 | 0x41da | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.970660925 CEST | 192.168.2.8 | 1.1.1.1 | 0xff0b | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Sep 6, 2024 09:58:34.501724005 CEST | 192.168.2.8 | 1.1.1.1 | 0x293f | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:34.516393900 CEST | 192.168.2.8 | 1.1.1.1 | 0x7d21 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:34.520853043 CEST | 192.168.2.8 | 1.1.1.1 | 0xa42 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.448673010 CEST | 192.168.2.8 | 1.1.1.1 | 0x4ef7 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.456653118 CEST | 192.168.2.8 | 1.1.1.1 | 0x1ca0 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Sep 6, 2024 09:58:59.462985039 CEST | 192.168.2.8 | 1.1.1.1 | 0xeb62 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.471333027 CEST | 192.168.2.8 | 1.1.1.1 | 0x7111 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.478598118 CEST | 192.168.2.8 | 1.1.1.1 | 0x9c88 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Sep 6, 2024 09:58:59.567361116 CEST | 192.168.2.8 | 1.1.1.1 | 0xeb21 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.575541019 CEST | 192.168.2.8 | 1.1.1.1 | 0xf106 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.583226919 CEST | 192.168.2.8 | 1.1.1.1 | 0x13f9 | Standard query (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Sep 6, 2024 09:58:59.934154034 CEST | 192.168.2.8 | 1.1.1.1 | 0xd775 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:59:31.024126053 CEST | 192.168.2.8 | 1.1.1.1 | 0xc093 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:59:31.032686949 CEST | 192.168.2.8 | 1.1.1.1 | 0x659d | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Sep 6, 2024 09:59:31.698312044 CEST | 192.168.2.8 | 1.1.1.1 | 0x608b | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 6, 2024 09:58:26.390194893 CEST | 1.1.1.1 | 192.168.2.8 | 0x6391 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:26.390194893 CEST | 1.1.1.1 | 192.168.2.8 | 0x6391 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:26.390896082 CEST | 1.1.1.1 | 192.168.2.8 | 0x72d6 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:28.314028025 CEST | 1.1.1.1 | 192.168.2.8 | 0x76c5 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:28.314043045 CEST | 1.1.1.1 | 192.168.2.8 | 0x6b8c | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:29.838861942 CEST | 1.1.1.1 | 192.168.2.8 | 0xc9b | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:29.838861942 CEST | 1.1.1.1 | 192.168.2.8 | 0xc9b | No error (0) | googlehosted.l.googleusercontent.com |  | 216.58.206.33 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:29.840066910 CEST | 1.1.1.1 | 192.168.2.8 | 0x1313 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:30.929229021 CEST | 1.1.1.1 | 192.168.2.8 | 0x8b4e | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:30.929229021 CEST | 1.1.1.1 | 192.168.2.8 | 0x8b4e | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:30.929239035 CEST | 1.1.1.1 | 192.168.2.8 | 0x32fb | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:30.929320097 CEST | 1.1.1.1 | 192.168.2.8 | 0x655b | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:30.929320097 CEST | 1.1.1.1 | 192.168.2.8 | 0x655b | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:30.929575920 CEST | 1.1.1.1 | 192.168.2.8 | 0xbd3 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:31.184253931 CEST | 1.1.1.1 | 192.168.2.8 | 0xedde | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:31.184253931 CEST | 1.1.1.1 | 192.168.2.8 | 0xedde | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:31.185060024 CEST | 1.1.1.1 | 192.168.2.8 | 0x8c9a | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Sep 6, 2024 09:58:31.317361116 CEST | 1.1.1.1 | 192.168.2.8 | 0x7fe4 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:31.317361116 CEST | 1.1.1.1 | 192.168.2.8 | 0x7fe4 | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:31.317503929 CEST | 1.1.1.1 | 192.168.2.8 | 0xbacd | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:33.054807901 CEST | 1.1.1.1 | 192.168.2.8 | 0x3a0c | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.059760094 CEST | 1.1.1.1 | 192.168.2.8 | 0x3a0c | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.223465919 CEST | 1.1.1.1 | 192.168.2.8 | 0x9383 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:33.223465919 CEST | 1.1.1.1 | 192.168.2.8 | 0x9383 | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.223638058 CEST | 1.1.1.1 | 192.168.2.8 | 0x6319 | No error (0) | wildcard.sf.tlu.dl.delivery.mp.microsoft.com.cdn.dnsv1.com | microsoft-sf.ovslegodl.sched.ovscdns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:33.225450039 CEST | 1.1.1.1 | 192.168.2.8 | 0x3195 | No error (0) | shed.dual-low.s-part-0029.t-0009.t-msedge.net | s-part-0029.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:33.225450039 CEST | 1.1.1.1 | 192.168.2.8 | 0x3195 | No error (0) | s-part-0029.t-0009.t-msedge.net |  | 13.107.246.57 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.473340988 CEST | 1.1.1.1 | 192.168.2.8 | 0xeef4 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.961158037 CEST | 1.1.1.1 | 192.168.2.8 | 0x8f2 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:33.961158037 CEST | 1.1.1.1 | 192.168.2.8 | 0x8f2 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.970067978 CEST | 1.1.1.1 | 192.168.2.8 | 0x41da | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:33.977505922 CEST | 1.1.1.1 | 192.168.2.8 | 0xff0b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  |  | 28 | IN (0x0001) | false
Sep 6, 2024 09:58:34.233923912 CEST | 1.1.1.1 | 192.168.2.8 | 0xd6eb | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:34.233923912 CEST | 1.1.1.1 | 192.168.2.8 | 0xd6eb | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:34.262660980 CEST | 1.1.1.1 | 192.168.2.8 | 0x75c1 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:34.509197950 CEST | 1.1.1.1 | 192.168.2.8 | 0x293f | No error (0) | example.org |  | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:34.523562908 CEST | 1.1.1.1 | 192.168.2.8 | 0x7d21 | No error (0) | ipv4only.arpa |  | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:34.523562908 CEST | 1.1.1.1 | 192.168.2.8 | 0x7d21 | No error (0) | ipv4only.arpa |  | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:34.527872086 CEST | 1.1.1.1 | 192.168.2.8 | 0xa42 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:34.527872086 CEST | 1.1.1.1 | 192.168.2.8 | 0xa42 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:36.258331060 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:36.258331060 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:37.786763906 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:37.786763906 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:38.277345896 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:38.277345896 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:40.289853096 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:40.289853096 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:44.302092075 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:44.302092075 CEST | 1.1.1.1 | 192.168.2.8 | 0x334f | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.447030067 CEST | 1.1.1.1 | 192.168.2.8 | 0x6617 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:59.447030067 CEST | 1.1.1.1 | 192.168.2.8 | 0x6617 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.456113100 CEST | 1.1.1.1 | 192.168.2.8 | 0x4ef7 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.469657898 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb62 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:59.469657898 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb62 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.478043079 CEST | 1.1.1.1 | 192.168.2.8 | 0x7111 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.574599981 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb21 | No error (0) | services.addons.mozilla.org |  | 18.65.39.31 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.574599981 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb21 | No error (0) | services.addons.mozilla.org |  | 18.65.39.85 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.574599981 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb21 | No error (0) | services.addons.mozilla.org |  | 18.65.39.112 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.574599981 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb21 | No error (0) | services.addons.mozilla.org |  | 18.65.39.4 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.582771063 CEST | 1.1.1.1 | 192.168.2.8 | 0xf106 | No error (0) | services.addons.mozilla.org |  | 18.65.39.85 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.582771063 CEST | 1.1.1.1 | 192.168.2.8 | 0xf106 | No error (0) | services.addons.mozilla.org |  | 18.65.39.4 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.582771063 CEST | 1.1.1.1 | 192.168.2.8 | 0xf106 | No error (0) | services.addons.mozilla.org |  | 18.65.39.31 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.582771063 CEST | 1.1.1.1 | 192.168.2.8 | 0xf106 | No error (0) | services.addons.mozilla.org |  | 18.65.39.112 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:58:59.940926075 CEST | 1.1.1.1 | 192.168.2.8 | 0xd775 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:58:59.940926075 CEST | 1.1.1.1 | 192.168.2.8 | 0xd775 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:59:00.303210974 CEST | 1.1.1.1 | 192.168.2.8 | 0x6f70 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:59:00.303210974 CEST | 1.1.1.1 | 192.168.2.8 | 0x6f70 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:59:00.781466961 CEST | 1.1.1.1 | 192.168.2.8 | 0x6f37 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:59:00.781466961 CEST | 1.1.1.1 | 192.168.2.8 | 0x6f37 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:59:30.906263113 CEST | 1.1.1.1 | 192.168.2.8 | 0x350a | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:59:31.031033039 CEST | 1.1.1.1 | 192.168.2.8 | 0xc093 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 09:59:31.705295086 CEST | 1.1.1.1 | 192.168.2.8 | 0x608b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 09:59:31.705295086 CEST | 1.1.1.1 | 192.168.2.8 | 0x608b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• api.edgeoffer.microsoft.com
• clients2.googleusercontent.com
• chrome.cloudflare-dns.com
• edgeassetservice.azureedge.net
• fs.microsoft.com
• https:
  • accounts.youtube.com
  • www.google.com
• slscr.update.microsoft.com
• msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
• detectportal.firefox.com
                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.84975434.107.221.82806832C:\Program Files\Mozilla Firefox\firefox.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 6, 2024 09:58:33.967140913 CEST303OUTGET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 6, 2024 09:58:34.411807060 CEST298INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 10:01:34 GMT
                                                              Age: 79020
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 6, 2024 09:58:44.426214933 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:58:54.449855089 CEST6OUTData Raw: 00
                                                              Data Ascii:


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.84975634.107.221.82806832C:\Program Files\Mozilla Firefox\firefox.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 6, 2024 09:58:34.569170952 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 6, 2024 09:58:35.013479948 CEST216INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                              Content-Type: text/plain
                                                              Age: 29599
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 6, 2024 09:58:45.027631998 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:58:55.051590919 CEST6OUTData Raw: 00
                                                              Data Ascii:


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              2192.168.2.84978634.107.221.82806832C:\Program Files\Mozilla Firefox\firefox.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 6, 2024 09:58:59.946633101 CEST303OUTGET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 6, 2024 09:59:00.397656918 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 10:01:34 GMT
                                                              Age: 79046
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 6, 2024 09:59:00.421047926 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 6, 2024 09:59:00.516268969 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 10:01:34 GMT
                                                              Age: 79046
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 6, 2024 09:59:00.771954060 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 6, 2024 09:59:00.867539883 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 10:01:34 GMT
                                                              Age: 79046
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 6, 2024 09:59:10.871162891 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:20.888786077 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:30.900424004 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:31.698174953 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 6, 2024 09:59:31.793795109 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 10:01:34 GMT
                                                              Age: 79077
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 6, 2024 09:59:32.456422091 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 6, 2024 09:59:32.551930904 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 10:01:34 GMT
                                                              Age: 79078
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 6, 2024 09:59:42.556631088 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:52.563859940 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 10:00:02.576515913 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 10:00:12.581672907 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 10:00:22.588207006 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.8 | 49790 | 34.107.221.82 | 80 | 6832 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 6, 2024 09:59:00.420217037 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.8 | 49791 | 34.107.221.82 | 80 | 6832 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 6, 2024 09:59:00.525234938 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.8 | 49793 | 34.107.221.82 | 80 | 6832 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 6, 2024 09:59:00.876976967 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 6, 2024 09:59:01.336219072 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                              Content-Type: text/plain
                                                              Age: 29626
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 6, 2024 09:59:11.345453978 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:21.358987093 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:31.370120049 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:32.456109047 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 6, 2024 09:59:32.550693989 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                              Content-Type: text/plain
                                                              Age: 29657
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 6, 2024 09:59:32.947365046 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 6, 2024 09:59:33.044213057 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                              Content-Type: text/plain
                                                              Age: 29657
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 6, 2024 09:59:43.054485083 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 09:59:53.065325022 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 10:00:03.074661016 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 10:00:13.089909077 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 6, 2024 10:00:23.104576111 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.8 | 49707 | 94.245.104.56 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:28 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                              Host: api.edgeoffer.microsoft.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:28 UTC | 584 | IN | HTTP/1.1 200 OK
                                                              Content-Length: 0
                                                              Connection: close
                                                              Content-Type: application/x-protobuf; charset=utf-8
                                                              Date: Fri, 06 Sep 2024 07:58:28 GMT
                                                              Server: Microsoft-IIS/10.0
                                                              Set-Cookie: ARRAffinity=f2b01b5aff47b6a2e38f49356d115a0807f0755dfea9b74b73454039d08ab076;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                              Set-Cookie: ARRAffinitySameSite=f2b01b5aff47b6a2e38f49356d115a0807f0755dfea9b74b73454039d08ab076;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                              Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                              X-Powered-By: ASP.NET


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.8 | 49724 | 216.58.206.33 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:30 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                              Host: clients2.googleusercontent.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:30 UTC | 566 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Content-Length: 135751
                                                              X-GUploader-UploadID: AD-8ljt_O5XMJoPXlP6Q8KGWegLxpoAv8Lc1GNJdQ3ftIxlOhGAnKSjCUCnfhK-XxvEt00jIhvM
                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                              Server: UploadServer
                                                              Date: Thu, 05 Sep 2024 19:26:09 GMT
                                                              Expires: Fri, 05 Sep 2025 19:26:09 GMT
                                                              Cache-Control: public, max-age=31536000
                                                              Age: 45141
                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                              Content-Type: application/x-chrome-extension
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close
                                                              2024-09-06 07:58:30 UTC | 824 | IN | Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                                                              Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                                                              2024-09-06 07:58:30 UTC | 1390 | IN | Data Raw: cb 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87
                                                              Data Ascii: 0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.|ws+LT>&&Pjanss9ga:SY>J:9
                                                              2024-09-06 07:58:30 UTC | 1390 | IN | Data Raw: fb 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35
                                                              Data Ascii: DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z|pQ"k<`ZT|uKC1Yg4ewWe5
                                                              2024-09-06 07:58:30 UTC | 1390 | IN | Data Raw: a3 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c
                                                              Data Ascii: :fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b|wt7nvtD<C}|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](|
                                                              2024-09-06 07:58:30 UTC | 1390 | IN | Data Raw: f4 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe
                                                              Data Ascii: 9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:gu
                                                              2024-09-06 07:58:30 UTC1390INData Raw: ad 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99
                                                              Data Ascii: 3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,p
                                                              2024-09-06 07:58:30 UTC1390INData Raw: 34 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50
                                                              Data Ascii: 4=%2n$hgffa,_@uYk|9.Y1+x8aBP|*].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=e*ZkLS65mj}0"$MmDhP
                                                              2024-09-06 07:58:30 UTC1390INData Raw: 87 c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0
                                                              Data Ascii: nh"|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF|V1lvgf&3]1g>Lc(s.u,2
                                                              2024-09-06 07:58:30 UTC1390INData Raw: 1a 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23
                                                              Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
                                                              2024-09-06 07:58:30 UTC1390INData Raw: 5e 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f
                                                              Data Ascii: ^N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49731 | 172.64.41.3 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-06 07:58:31 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                              2024-09-06 07:58:31 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom)TP
2024-09-06 07:58:31 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 06 Sep 2024 07:58:31 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8becea16aa688c4b-EWR
alt-svc: h3=":443"; ma=86400
                                                              2024-09-06 07:58:31 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f5 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49730 | 162.159.61.3 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-06 07:58:31 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                              2024-09-06 07:58:31 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom)TP
2024-09-06 07:58:31 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 06 Sep 2024 07:58:31 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8becea16ca9643ac-EWR
alt-svc: h3=":443"; ma=86400
                                                              2024-09-06 07:58:31 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 95 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49732 | 172.64.41.3 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-06 07:58:31 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                              2024-09-06 07:58:31 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom)TP
2024-09-06 07:58:32 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 06 Sep 2024 07:58:31 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8becea18a9c54259-EWR
alt-svc: h3=":443"; ma=86400
                                                              2024-09-06 07:58:32 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 11 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49745 | 184.28.90.27 | 443 | | 

Timestamp | Bytes transferred | Direction | Data
2024-09-06 07:58:33 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-09-06 07:58:33 UTC | 466 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF67)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=31627
Date: Fri, 06 Sep 2024 07:58:33 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49752 | 13.107.246.57 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-06 07:58:33 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Edge-Asset-Group: EntityExtractionDomainsConfig
Sec-Mesh-Client-Edge-Version: 117.0.2045.47
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19045
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:33 UTC | 583 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Sep 2024 07:58:33 GMT
Content-Type: application/octet-stream
Content-Length: 70207
Connection: close
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
ETag: 0x8DCB31E67C22927
x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240906T075833Z-16579567576ztstdfgdnkw0mpw0000000dtg000000005mwn
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
                                                              2024-09-06 07:58:33 UTC15801INData Raw: 1f 8b 08 08 1a 21 ad 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7
                                                              Data Ascii: !fasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
                                                              2024-09-06 07:58:34 UTC16384INData Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31
                                                              Data Ascii: JEq*b,0Rte*|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;|a``|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
                                                              2024-09-06 07:58:34 UTC16384INData Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63
                                                              Data Ascii: /M5?Rg|M kt|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX*$Nkct&iZ%b8Zoj@ u2OgA1DG3*5d*lg|9GV>OVzVMPA76.|c
                                                              2024-09-06 07:58:34 UTC16384INData Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81
                                                              Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
                                                              2024-09-06 07:58:34 UTC5254INData Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83
                                                              Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49751 | 13.107.246.57 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-06 07:58:33 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Edge-Asset-Group: Shoreline
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:34 UTC | 577 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Sep 2024 07:58:33 GMT
Content-Type: application/octet-stream
Content-Length: 306698
Connection: close
Content-Encoding: gzip
Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
ETag: 0x8DBC9B5C40EBFF4
x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240906T075833Z-16579567576h266g9d6dee9ff80000000dr000000000asd7
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID | Process
                                                              8          | 192.168.2.8 | 49755       | 184.28.90.27   | 443              |     |
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:34 UTC | 239               | OUT       | GET /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                              Range: bytes=0-2147483646
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-06 07:58:35 UTC | 514               | IN        | HTTP/1.1 200 OK
                                                              ApiVersion: Distribute 1.1
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF06)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=31680
                                                              Date: Fri, 06 Sep 2024 07:58:34 GMT
                                                              Content-Length: 55
                                                              Connection: close
                                                              X-CID: 2
                                                              2024-09-06 07:58:35 UTC | 55                | IN        | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                              9          | 192.168.2.8 | 49757       | 13.107.246.40  | 443              | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:35 UTC | 438               | OUT       | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:35 UTC | 543               | IN        | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1579
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                              ETag: 0x8DBDCB5DE99522A
                                                              x-ms-request-id: b82236bc-001e-000a-3bd3-ff718e000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075835Z-16579567576cn8jdyhfng4vp3800000001bg000000009f7a
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                              10         | 192.168.2.8 | 49758       | 13.107.246.40  | 443              | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:35 UTC | 431               | OUT       | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:35 UTC | 536               | IN        | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1966
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                              ETag: 0x8DBDCB5EC122A94
                                                              x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075835Z-16579567576c4hpgz3uh2pbn5g0000000dq0000000000dcr
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                              11         | 192.168.2.8 | 49761       | 13.107.246.40  | 443              | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:35 UTC | 433               | OUT       | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:35 UTC | 515               | IN        | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1751
                                                              Connection: close
                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                              ETag: 0x8DBCEA8D5AACC85
                                                              x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075835Z-16579567576c4hpgz3uh2pbn5g0000000dpg000000001kgh
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                              12         | 192.168.2.8 | 49760       | 13.107.246.40  | 443              | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:35 UTC | 433               | OUT       | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:35 UTC | 515               | IN        | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1427
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                              ETag: 0x8DBDCB5EF021F8E
                                                              x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075835Z-16579567576l8zffr7mt4xy2un0000000d80000000008nav
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                              13         | 192.168.2.8 | 49759       | 13.107.246.40  | 443              | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:35 UTC | 430               | OUT       | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:35 UTC | 543               | IN        | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2008
                                                              Connection: close
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                              ETag: 0x8DBC9B5C0C17219
                                                              x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075835Z-16579567576pgh4h94c7qn0kuc0000000dn00000000050he
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                              14         | 192.168.2.8 | 49762       | 13.107.246.40  | 443              | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp               | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:35 UTC | 422               | OUT       | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                               2024-09-06 07:58:35 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2229
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                              ETag: 0x8DBD59359A9E77B
                                                              x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075835Z-16579567576gnfmq2acf56mm700000000dk00000000027p7
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes
                                                               2024-09-06 07:58:35 UTC | 2229 | IN | Data Raw: [PNG image body; hex and ASCII dump omitted]


                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                               15 | 192.168.2.8 | 49763 | 142.250.80.78 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                               Timestamp | Bytes transferred | Direction | Data
                                                               2024-09-06 07:58:35 UTC | 1079 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=690438195&timestamp=1725609513689 HTTP/1.1
                                                              Host: accounts.youtube.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-platform: "Windows"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                              Upgrade-Insecure-Requests: 1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                              Sec-Fetch-Site: cross-site
                                                              Sec-Fetch-Mode: navigate
                                                              Sec-Fetch-Dest: iframe
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                               2024-09-06 07:58:35 UTC | 1971 | IN | HTTP/1.1 200 OK
                                                              Content-Type: text/html; charset=utf-8
                                                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-P0Ugar8gmi91aGaKz4JmNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 06 Sep 2024 07:58:35 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmII1pBikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdi1Z5LrKZALMTDsfrNq21sAjOuzJ_FrKSXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGlgqGdgEV9gAAAoxi6L"
                                                              Server: ESF
                                                              X-XSS-Protection: 0
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Accept-Ranges: none
                                                              Vary: Accept-Encoding
                                                              Connection: close
                                                              Transfer-Encoding: chunked
                                                               2024-09-06 07:58:35 UTC to 07:58:36 UTC | 10 rows of 1971 | IN | Data Raw: [chunked text/html response body; hex and ASCII dumps omitted]


                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                               16 | 192.168.2.8 | 49764 | 13.107.246.40 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                               Timestamp | Bytes transferred | Direction | Data
                                                               2024-09-06 07:58:36 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                               2024-09-06 07:58:36 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:36 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1154
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                              ETag: 0x8DBD5935D5B3965
                                                              x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075836Z-16579567576qxwrndb60my3nes0000000dgg00000000bpa8
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes
                                                               2024-09-06 07:58:36 UTC | 1154 | IN | Data Raw: [PNG image body; hex and ASCII dump omitted]


                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                               17 | 192.168.2.8 | 49766 | 142.250.81.238 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                               Timestamp | Bytes transferred | Direction | Data
                                                               2024-09-06 07:58:36 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                               2024-09-06 07:58:36 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Fri, 06 Sep 2024 07:58:36 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                               18 | 192.168.2.8 | 49765 | 13.107.246.40 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                               Timestamp | Bytes transferred | Direction | Data
                                                               2024-09-06 07:58:36 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                               2024-09-06 07:58:36 UTC | 522 | IN | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:36 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1468
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                              ETag: 0x8DBDCB5E23DFC43
                                                              x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075836Z-165795675762h26c6ze2t4q7600000000dsg000000002fcn
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes
                                                               2024-09-06 07:58:36 UTC | 1468 | IN | Data Raw: [PNG image body; hex and ASCII dump omitted]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.8 | 49767 | 142.250.81.238 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:36 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:36 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Fri, 06 Sep 2024 07:58:36 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.8 | 49768 | 142.250.80.68 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:36 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                                              Host: www.google.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-platform: "Windows"
                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: image
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:37 UTC | 705 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                              Content-Length: 5430
                                                              X-Content-Type-Options: nosniff
                                                              Server: sffe
                                                              X-XSS-Protection: 0
                                                              Date: Fri, 06 Sep 2024 07:34:55 GMT
                                                              Expires: Sat, 14 Sep 2024 07:34:55 GMT
                                                              Cache-Control: public, max-age=691200
                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                              Content-Type: image/x-icon
                                                              Vary: Accept-Encoding
                                                              Age: 1422
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close
                                                              2024-09-06 07:58:37 UTC685INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                                                              Data Ascii: h& ( 0.v]X:X:rY
                                                              2024-09-06 07:58:37 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a
                                                              Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                                                              2024-09-06 07:58:37 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff
                                                              Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                                                              2024-09-06 07:58:37 UTC1390INData Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                              Data Ascii: BBBBBBF!4I
                                                              2024-09-06 07:58:37 UTC575INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                              Data Ascii: $'


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.8 | 49774 | 13.107.246.40 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:39 UTC | 478 | OUT | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: ProductCategories
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:39 UTC | 559 | IN | HTTP/1.1 200 OK
                                                              Date: Fri, 06 Sep 2024 07:58:39 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 82989
                                                              Connection: close
                                                              Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                              ETag: 0x8DB5D5E89CE25EB
                                                              x-ms-request-id: f9285315-801e-0010-24d3-ff5ee1000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240906T075839Z-16579567576phhfj0h0z9mnmag0000000dgg000000004c2m
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes
                                                              2024-09-06 07:58:39 UTC15825INData Raw: 0a 22 08 f2 33 12 1d 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0d 42 65 6c 74 73 20 26 20 48 6f 73 65 73 0a 23 08 d7 2b 12 1e 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 09 41 69 72 20 50 75 6d 70 73 0a 21 08 b8 22 12 1c 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0c 42 6f 64 79 20 53 74 79 6c 69 6e 67 0a 34 08 c3 35 12 2f 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 13 53 70 69 63 65 73 20 26 20 53 65 61 73 6f 6e 69 6e 67 73 0a 27 08 a4 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 47 65 61 72 0a 21 08 f5 36 12 1c 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 0b 48 79 64 72 6f 70 6f 6e 69 63 73 0a 39 08 61 12 35 0a 11 42 6f 6f 6b 73 20 26 20 4d
                                                              Data Ascii: "3Car & GarageBelts & Hoses#+Sports & OutdoorsAir Pumps!"Car & GarageBody Styling45/Gourmet Food & ChocolateSpices & Seasonings',"Sports & OutdoorsSleeping Gear!6Lawn & GardenHydroponics9a5Books & M
                                                              2024-09-06 07:58:39 UTC16384INData Raw: 69 64 65 6f 20 47 61 6d 65 73 12 1b 4e 69 6e 74 65 6e 64 6f 20 53 79 73 74 65 6d 20 41 63 63 65 73 73 6f 72 69 65 73 0a 20 08 a2 26 12 1b 0a 10 54 6f 6f 6c 73 20 26 20 48 61 72 64 77 61 72 65 12 07 54 6f 69 6c 65 74 73 0a 2c 08 f3 28 12 27 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 12 0f 45 6c 65 63 74 72 69 63 20 4d 69 78 65 72 73 0a 21 08 c0 32 12 1c 0a 04 54 6f 79 73 12 14 53 61 6e 64 62 6f 78 20 26 20 42 65 61 63 68 20 54 6f 79 73 0a 35 08 a5 25 12 30 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 14 53 65 61 66 6f 6f 64 20 43 6f 6d 62 69 6e 61 74 69 6f 6e 73 0a 24 08 d7 27 12 1f 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 0b 43 61 6b 65 20 53 74 61 6e 64 73 0a 2e 08 a4 28 12 29 0a
                                                              Data Ascii: ideo GamesNintendo System Accessories &Tools & HardwareToilets,('Kitchen & HousewaresElectric Mixers!2ToysSandbox & Beach Toys5%0Gourmet Food & ChocolateSeafood Combinations$'Home FurnishingsCake Stands.()
                                                              2024-09-06 07:58:39 UTC16384INData Raw: 26 20 47 61 72 61 67 65 12 1c 44 72 69 76 65 77 61 79 20 26 20 47 61 72 61 67 65 20 46 6c 6f 6f 72 20 43 61 72 65 0a 25 08 f0 2a 12 20 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 0d 50 61 70 65 72 20 50 75 6e 63 68 65 73 0a 2d 08 c1 2c 12 28 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 13 42 69 63 79 63 6c 65 20 41 63 63 65 73 73 6f 72 69 65 73 0a 22 08 a2 27 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 4e 6f 76 65 6c 74 69 65 73 0a 16 08 f3 29 12 11 0a 05 4d 75 73 69 63 12 08 45 78 65 72 63 69 73 65 0a 22 08 8e 31 12 1d 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 08 53 77 69 6d 6d 69 6e 67 0a 26 08 d4 21 12 21 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 0b 4d 61 6b 65 75 70
                                                              Data Ascii: & GarageDriveway & Garage Floor Care%* Office ProductsPaper Punches-,(Sports & OutdoorsBicycle Accessories"'Home FurnishingsNovelties)MusicExercise"1Sports & OutdoorsSwimming&!!Beauty & FragranceMakeup
                                                              2024-09-06 07:58:39 UTC16384INData Raw: 6f 63 6b 20 50 61 72 74 73 0a 1b 08 be 29 12 16 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 05 42 75 6c 62 73 0a 21 08 a3 21 12 1c 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 06 4d 61 6b 65 75 70 0a 2d 08 49 12 29 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 14 42 75 73 69 6e 65 73 73 20 26 20 45 63 6f 6e 6f 6d 69 63 73 0a 23 08 d5 23 12 1e 0a 09 43 6f 6d 70 75 74 69 6e 67 12 11 45 78 70 61 6e 73 69 6f 6e 20 4d 6f 64 75 6c 65 73 0a 2f 08 a2 24 12 2a 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 1b 43 44 20 50 6c 61 79 65 72 73 20 26 20 53 74 65 72 65 6f 20 53 79 73 74 65 6d 73 0a 1f 08 d4 26 12 1a 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 06 51 75 69 6c 74 73 0a 22 08 86 23 12 1d 0a 10 43 6c 6f 74 68 69 6e
                                                              Data Ascii: ock Parts)Lawn & GardenBulbs!!Beauty & FragranceMakeup-I)Books & MagazinesBusiness & Economics##ComputingExpansion Modules/$*ElectronicsCD Players & Stereo Systems&Home FurnishingsQuilts"#Clothin
                                                              2024-09-06 07:58:39 UTC16384INData Raw: 65 72 73 0a 27 08 a6 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 42 61 67 73 0a 24 08 bd 21 12 1f 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 09 46 72 61 67 72 61 6e 63 65 0a 28 08 63 12 24 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 0f 4d 75 73 69 63 20 4d 61 67 61 7a 69 6e 65 73 0a 1e 08 8a 2b 12 19 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 06 52 75 6c 65 72 73 0a 2d 08 a9 33 12 28 0a 09 43 6f 6d 70 75 74 69 6e 67 12 1b 50 72 69 6e 74 65 72 20 50 61 72 74 73 20 26 20 41 74 74 61 63 68 6d 65 6e 74 73 0a 27 08 ef 23 12 22 0a 09 43 6f 6d 70 75 74 69 6e 67 12 15 54 68 69 6e 20 43 6c 69 65 6e 74 20 43 6f 6d 70 75 74 65 72 73 0a 37 08 bc 24 12 32 0a 0b 45 6c
                                                              Data Ascii: ers',"Sports & OutdoorsSleeping Bags$!Beauty & FragranceFragrance(c$Books & MagazinesMusic Magazines+Office ProductsRulers-3(ComputingPrinter Parts & Attachments'#"ComputingThin Client Computers7$2El
                                                              2024-09-06 07:58:39 UTC1628INData Raw: 0b 44 56 44 20 50 6c 61 79 65 72 73 0a 34 08 dc 36 12 2f 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 1f 53 6e 6f 77 6d 6f 62 69 6c 65 20 26 20 41 54 56 20 53 6b 69 73 20 26 20 52 75 6e 6e 65 72 73 0a 23 08 a2 21 12 1e 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 08 54 77 65 65 7a 65 72 73 0a 30 08 8e 33 12 2b 0a 0c 50 65 74 20 53 75 70 70 6c 69 65 73 12 1b 50 65 74 20 48 61 62 69 74 61 74 20 26 20 43 61 67 65 20 53 75 70 70 6c 69 65 73 0a 29 08 d4 23 12 24 0a 09 43 6f 6d 70 75 74 69 6e 67 12 17 44 69 67 69 74 61 6c 20 4d 65 64 69 61 20 52 65 63 65 69 76 65 72 73 0a 2a 08 f3 2b 12 25 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 10 42 6f 61 74 20 4d 61 69 6e 74 65 6e 61 6e 63 65 0a 22 08 d7 26 12 1d 0a 10 48 6f 6d 65 20 46
                                                              Data Ascii: DVD Players46/Car & GarageSnowmobile & ATV Skis & Runners#!Beauty & FragranceTweezers03+Pet SuppliesPet Habitat & Cage Supplies)#$ComputingDigital Media Receivers*+%Sports & OutdoorsBoat Maintenance"&Home F


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.8 | 49773 | 20.12.23.50 | 443 |  | 
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:39 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MTBHKczA2sLotkD&MD=RkYwNnal HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-06 07:58:39 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                              MS-CorrelationId: a105b743-9374-4c02-b998-93e7c5cef0f2
                                                              MS-RequestId: 9a2b4ca1-6dcd-42f4-a053-d98e117d3e82
                                                              MS-CV: dqiWBd/zEUuQoyuQ.0
                                                              X-Microsoft-SLSClientCache: 2880
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Fri, 06 Sep 2024 07:58:38 GMT
                                                              Connection: close
                                                              Content-Length: 24490
                                                              2024-09-06 07:58:39 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                              Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                              2024-09-06 07:58:39 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                              Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.8 | 49776 | 152.195.19.97 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:50 UTC | 616 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726214309&P2=404&P3=2&P4=O%2fpNuAiZNSYI4XIQUfSOTCiwltcz2p%2f8SpepG6ovVCzhorby60reVGx5WtBO2lzb6dUuTPXRM2mCEHyJ0PUKGA%3d%3d HTTP/1.1
                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              Connection: keep-alive
                                                              MS-CV: S6cG+brGM4y5ndlTt0FJyl
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:58:50 UTC | 632 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Age: 5536061
                                                              Cache-Control: public, max-age=17280000
                                                              Content-Type: application/x-chrome-extension
                                                              Date: Fri, 06 Sep 2024 07:58:50 GMT
                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                              Server: ECAcc (nyd/D11E)
                                                              X-AspNet-Version: 4.0.30319
                                                              X-AspNetMvc-Version: 5.3
                                                              X-Cache: HIT
                                                              X-CCC: US
                                                              X-CID: 11
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By: ARR/3.0
                                                              X-Powered-By: ASP.NET
                                                              Content-Length: 11185
                                                              Connection: close
                                                              2024-09-06 07:58:50 UTC11185INData Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20
                                                              Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.8 | 49778 | 162.159.61.3 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:58:51 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-06 07:58:51 UTC | 128 | OUT | Data Raw: [DNS query dump removed]
                                                              2024-09-06 07:58:51 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Fri, 06 Sep 2024 07:58:51 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8becea9539e5c445-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-09-06 07:58:51 UTC | 468 | IN | Data Raw: [DNS response dump removed]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.8 | 49794 | 40.68.123.157 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:59:17 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MTBHKczA2sLotkD&MD=RkYwNnal HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-06 07:59:17 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                              MS-CorrelationId: c04748db-94ba-46f4-a6b2-5e2aeaf384a7
                                                              MS-RequestId: 9b0d62fb-aa3c-4fc0-8b42-a5ba0dcb35a8
                                                              MS-CV: 7zJKYPebUk6EmAx2.0
                                                              X-Microsoft-SLSClientCache: 1440
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Fri, 06 Sep 2024 07:59:17 GMT
                                                              Connection: close
                                                              Content-Length: 30005
                                                              2024-09-06 07:59:17 UTC | 15824 | IN | Data Raw: [hex dump removed]
                                                              2024-09-06 07:59:17 UTC | 14181 | IN | Data Raw: [hex dump removed]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.8 | 49796 | 23.219.161.132 | 443 | 4124 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-06 07:59:29 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                              Host: bzib.nelreports.net
                                                              Connection: keep-alive
                                                              Origin: https://business.bing.com
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: content-type
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-06 07:59:29 UTC | 332 | IN | HTTP/1.1 429 Too Many Requests
                                                              Content-Length: 0
                                                              Date: Fri, 06 Sep 2024 07:59:29 GMT
                                                              Connection: close
                                                              PMUSER_FORMAT_QS:
                                                              X-CDN-TraceId: 0.84112317.1725609569.1beeb688
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Methods: *
                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                              Access-Control-Allow-Origin: *



                                                              Target ID: 0
                                                              Start time: 03:58:21
                                                              Start date: 06/09/2024
                                                              Path: C:\Users\user\Desktop\file.exe
                                                              Wow64 process (32bit): true
                                                              Commandline: "C:\Users\user\Desktop\file.exe"
                                                              Imagebase: 0xa30000
                                                              File size: 917'504 bytes
                                                              MD5 hash: 9720060A0108D1A36B6F051E31353414
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Reputation: low
                                                              Has exited: true

                                                              Target ID: 2
                                                              Start time: 03:58:22
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Reputation: moderate
                                                              Has exited: true

                                                              Target ID: 3
                                                              Start time: 03:58:22
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase: 0x7ff6d20e0000
                                                              File size: 676'768 bytes
                                                              MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Reputation: high
                                                              Has exited: true

                                                              Target ID: 4
                                                              Start time: 03:58:22
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                              Imagebase: 0x7ff6d20e0000
                                                              File size: 676'768 bytes
                                                              MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: high
                                                              Has exited: true

                                                              Target ID: 6
                                                              Start time: 03:58:22
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase: 0x7ff6d20e0000
                                                              File size: 676'768 bytes
                                                              MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: high
                                                              Has exited: false

                                                              Target ID: 7
                                                              Start time: 03:58:22
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2180,i,11385975426524790474,2291032491079240300,262144 /prefetch:3
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Reputation: moderate
                                                              Has exited: true

                                                              Target ID: 8
                                                              Start time: 03:58:22
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: moderate
                                                              Has exited: false

                                                              Target ID: 9
                                                              Start time: 03:58:24
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:3
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: moderate
                                                              Has exited: false

                                                              Target ID: 10
                                                              Start time: 03:58:25
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20230927232528 -prefsHandle 2272 -prefMapHandle 2264 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa01b6f-fa55-4040-aa0b-785369d38a76} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22755a6e110 socket
                                                              Imagebase: 0x7ff6d20e0000
                                                              File size: 676'768 bytes
                                                              MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: high
                                                              Has exited: false

                                                              Target ID: 15
                                                              Start time: 03:58:28
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6872 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: moderate
                                                              Has exited: true

                                                              Target ID: 16
                                                              Start time: 03:58:28
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: moderate
                                                              Has exited: true

                                                              Target ID: 18
                                                              Start time: 03:58:30
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20230927232528 -prefsHandle 4516 -prefMapHandle 3888 -prefsLen 26313 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8c35b2-355b-43e8-bc2c-ddf9c5e64bd7} 6832 "\\.\pipe\gecko-crash-server-pipe.6832" 22765d1cf10 rdd
                                                              Imagebase: 0x7ff6d20e0000
                                                              File size: 676'768 bytes
                                                              MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Reputation: high
                                                              Has exited: false

                                                              Target ID: 19
                                                              Start time: 03:58:34
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6752 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Has exited: false

                                                              Target ID: 20
                                                              Start time: 03:58:35
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7272 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Has exited: true

                                                              Target ID: 21
                                                              Start time: 03:58:35
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
                                                              Imagebase: 0x7ff7f97c0000
                                                              File size: 4'210'216 bytes
                                                              MD5 hash: 69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges: false
                                                              Has administrator privileges: false
                                                              Programmed in: C, C++ or other language
                                                              Has exited: true

                                                              Target ID: 25
                                                              Start time: 03:59:23
                                                              Start date: 06/09/2024
                                                              Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit): false
                                                              Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7892 --field-trial-handle=2096,i,2847655531396615725,3108115374637525863,262144 /prefetch:8
                                                              Imagebase:0x7ff7f97c0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false


                                                                Execution Graph

                                                                Execution Coverage:1.8%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:4.8%
                                                                Total number of Nodes:1372
                                                                Total number of Limit Nodes:52
96856->96813 97066 aa359c 82 API calls __wsopen_s 96856->97066 96857 a3c335 96857->96856 96859 a3c342 96857->96859 96858->96843 97048 a3a704 22 API calls ISource 96859->97048 96861->96727 96862->96727 96863->96727 96865 a3ec76 ISource 96864->96865 96866 a501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96865->96866 96867 a84beb 96865->96867 96869 a4fddb 22 API calls 96865->96869 96871 a3fef7 96865->96871 96872 a84b0b 96865->96872 96873 a3a8c7 22 API calls 96865->96873 96874 a84600 96865->96874 96880 a50242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96865->96880 96881 a3fbe3 96865->96881 96882 a3ed9d ISource 96865->96882 96883 a3a961 22 API calls 96865->96883 96886 a500a3 29 API calls pre_c_initialization 96865->96886 96887 a3f3ae ISource 96865->96887 97076 a401e0 185 API calls 2 library calls 96865->97076 97077 a406a0 41 API calls ISource 96865->97077 96866->96865 97083 aa359c 82 API calls __wsopen_s 96867->97083 96869->96865 96871->96882 97079 a3a8c7 22 API calls __fread_nolock 96871->97079 97081 aa359c 82 API calls __wsopen_s 96872->97081 96873->96865 96874->96882 97078 a3a8c7 22 API calls __fread_nolock 96874->97078 96880->96865 96881->96882 96884 a84bdc 96881->96884 96881->96887 96882->96727 96883->96865 97082 aa359c 82 API calls __wsopen_s 96884->97082 96886->96865 96887->96882 97080 aa359c 82 API calls __wsopen_s 96887->97080 96888->96727 96889->96738 96890->96738 97084 a9def7 96891->97084 96893 a9d529 Process32NextW 96894 a9d5db FindCloseChangeNotification 96893->96894 96896 a9d522 96893->96896 96894->96738 96895 a3a961 22 API calls 96895->96896 96896->96893 96896->96894 96896->96895 96897 a39cb3 22 API calls 96896->96897 97090 a3525f 22 API calls 96896->97090 97091 a36350 22 API calls 96896->97091 97092 a4ce60 41 API calls 96896->97092 96897->96896 96902 a3ec40 185 API calls 96901->96902 96903 a3d29d 96902->96903 96904 a3d30b ISource 96903->96904 96905 
a81bc4 96903->96905 96907 a3d6d5 96903->96907 96908 a3d3c3 96903->96908 96914 a3d4b8 96903->96914 96921 a4fddb 22 API calls 96903->96921 96928 a3d429 ISource __fread_nolock 96903->96928 96904->96748 96940 aa359c 82 API calls __wsopen_s 96905->96940 96907->96904 96915 a4fe0b 22 API calls 96907->96915 96908->96907 96910 a3d3ce 96908->96910 96909 a3d5ff 96912 a3d614 96909->96912 96913 a81bb5 96909->96913 96911 a4fddb 22 API calls 96910->96911 96920 a3d3d5 __fread_nolock 96911->96920 96916 a4fddb 22 API calls 96912->96916 96939 ab5705 23 API calls 96913->96939 96918 a4fe0b 22 API calls 96914->96918 96915->96920 96924 a3d46a 96916->96924 96918->96928 96919 a4fddb 22 API calls 96922 a3d3f6 96919->96922 96920->96919 96920->96922 96921->96903 96922->96928 96934 a3bec0 185 API calls 96922->96934 96924->96748 96925 a81ba4 96938 aa359c 82 API calls __wsopen_s 96925->96938 96928->96909 96928->96924 96928->96925 96929 a81b7f 96928->96929 96931 a81b5d 96928->96931 96935 a31f6f 185 API calls 96928->96935 96937 aa359c 82 API calls __wsopen_s 96929->96937 96936 aa359c 82 API calls __wsopen_s 96931->96936 96933->96750 96934->96928 96935->96928 96936->96924 96937->96924 96938->96924 96939->96905 96940->96904 96967 abad64 96941->96967 96943 abac6f 96943->96790 96945 a37510 53 API calls 96944->96945 96946 aba306 96945->96946 96947 a9d4dc 47 API calls 96946->96947 96948 aba315 96947->96948 96948->96790 96950 a37510 53 API calls 96949->96950 96951 aa5c6d 96950->96951 97026 a9dbbe lstrlenW 96951->97026 96953 aa5c77 96953->96790 96954->96792 96955->96757 96956->96761 96957->96771 96958->96782 96959->96782 96960->96759 96961->96790 96962->96790 96963->96790 96964->96787 96965->96790 96966->96790 96968 a3a961 22 API calls 96967->96968 96969 abad77 ___scrt_fastfail 96968->96969 96970 abadce 96969->96970 96972 a37510 53 API calls 96969->96972 96971 abadee 96970->96971 96974 a37510 53 API calls 96970->96974 96975 abae3a 96971->96975 96977 a37510 53 API calls 96971->96977 96973 abadab 
96972->96973 96973->96970 96978 a37510 53 API calls 96973->96978 96976 abade4 96974->96976 96980 abae4d ___scrt_fastfail 96975->96980 97021 a3b567 39 API calls 96975->97021 97019 a37620 22 API calls _wcslen 96976->97019 96986 abae04 96977->96986 96981 abadc4 96978->96981 96995 a37510 96980->96995 97018 a37620 22 API calls _wcslen 96981->97018 96986->96975 96987 a37510 53 API calls 96986->96987 96988 abae28 96987->96988 96988->96975 97020 a3a8c7 22 API calls __fread_nolock 96988->97020 96990 abaec8 96990->96943 96991 abaeb0 96991->96990 96992 abaf35 GetProcessId 96991->96992 96993 abaf48 96992->96993 96994 abaf58 CloseHandle 96993->96994 96994->96990 96996 a37522 ShellExecuteExW 96995->96996 96997 a37525 96995->96997 96996->96991 96998 a3755b 96997->96998 96999 a3752d 96997->96999 97001 a750f6 96998->97001 97004 a3756d 96998->97004 97010 a7500f 96998->97010 97022 a551c6 26 API calls 96999->97022 97025 a55183 26 API calls 97001->97025 97002 a3753d 97009 a4fddb 22 API calls 97002->97009 97023 a4fb21 51 API calls 97004->97023 97006 a75088 97024 a4fb21 51 API calls 97006->97024 97007 a7510e 97007->97007 97011 a37547 97009->97011 97010->97006 97013 a4fe0b 22 API calls 97010->97013 97012 a39cb3 22 API calls 97011->97012 97012->96996 97015 a75058 97013->97015 97014 a4fddb 22 API calls 97016 a7507f 97014->97016 97015->97014 97017 a39cb3 22 API calls 97016->97017 97017->97006 97018->96970 97019->96971 97020->96975 97021->96980 97022->97002 97023->97002 97024->97001 97025->97007 97027 a9dbdc GetFileAttributesW 97026->97027 97028 a9dc06 97026->97028 97027->97028 97029 a9dbe8 FindFirstFileW 97027->97029 97028->96953 97029->97028 97030 a9dbf9 FindClose 97029->97030 97030->97028 97032 a3ae01 97031->97032 97035 a3ae1c ISource 97031->97035 97033 a3aec9 22 API calls 97032->97033 97034 a3ae09 CharUpperBuffW 97033->97034 97034->97035 97035->96805 97037 a3acae 97036->97037 97039 a3acd1 97037->97039 97067 aa359c 82 API calls __wsopen_s 97037->97067 97039->96843 97041 a3ad92 97040->97041 
97042 a7fadb 97040->97042 97043 a4fddb 22 API calls 97041->97043 97044 a3ad99 97043->97044 97068 a3adcd 97044->97068 97047->96857 97048->96832 97049->96832 97050->96809 97051->96813 97052->96824 97053->96813 97054->96813 97055->96843 97056->96843 97057->96843 97058->96843 97059->96843 97060->96843 97061->96838 97062->96813 97063->96847 97064->96850 97065->96856 97066->96813 97067->97039 97072 a3addd 97068->97072 97069 a3adb6 97069->96843 97070 a4fddb 22 API calls 97070->97072 97071 a3a961 22 API calls 97071->97072 97072->97069 97072->97070 97072->97071 97073 a3adcd 22 API calls 97072->97073 97075 a3a8c7 22 API calls __fread_nolock 97072->97075 97073->97072 97075->97072 97076->96865 97077->96865 97078->96882 97079->96882 97080->96882 97081->96882 97082->96867 97083->96882 97085 a9df02 97084->97085 97086 a9df19 97085->97086 97089 a9df1f 97085->97089 97093 a563b2 GetStringTypeW _strftime 97085->97093 97094 a562fb 39 API calls _strftime 97086->97094 97089->96896 97090->96896 97091->96896 97092->96896 97093->97085 97094->97089 97095 a31cad SystemParametersInfoW 97096 a31033 97101 a34c91 97096->97101 97100 a31042 97102 a3a961 22 API calls 97101->97102 97103 a34cff 97102->97103 97109 a33af0 97103->97109 97105 a34d9c 97107 a31038 97105->97107 97112 a351f7 22 API calls __fread_nolock 97105->97112 97108 a500a3 29 API calls __onexit 97107->97108 97108->97100 97113 a33b1c 97109->97113 97112->97105 97114 a33b0f 97113->97114 97115 a33b29 97113->97115 97114->97105 97115->97114 97116 a33b30 RegOpenKeyExW 97115->97116 97116->97114 97117 a33b4a RegQueryValueExW 97116->97117 97118 a33b80 RegCloseKey 97117->97118 97119 a33b6b 97117->97119 97118->97114 97119->97118 97120 a32e37 97121 a3a961 22 API calls 97120->97121 97122 a32e4d 97121->97122 97199 a34ae3 97122->97199 97124 a32e6b 97125 a33a5a 24 API calls 97124->97125 97126 a32e7f 97125->97126 97127 a39cb3 22 API calls 97126->97127 97128 a32e8c 97127->97128 97129 a34ecb 94 API calls 97128->97129 97130 a32ea5 97129->97130 97131 a72cb0 
97130->97131 97132 a32ead 97130->97132 97133 aa2cf9 80 API calls 97131->97133 97213 a3a8c7 22 API calls __fread_nolock 97132->97213 97134 a72cc3 97133->97134 97136 a72ccf 97134->97136 97138 a34f39 68 API calls 97134->97138 97140 a34f39 68 API calls 97136->97140 97137 a32ec3 97214 a36f88 22 API calls 97137->97214 97138->97136 97142 a72ce5 97140->97142 97141 a32ecf 97143 a39cb3 22 API calls 97141->97143 97231 a33084 22 API calls 97142->97231 97144 a32edc 97143->97144 97215 a3a81b 41 API calls 97144->97215 97147 a32eec 97149 a39cb3 22 API calls 97147->97149 97148 a72d02 97232 a33084 22 API calls 97148->97232 97150 a32f12 97149->97150 97216 a3a81b 41 API calls 97150->97216 97153 a72d1e 97154 a33a5a 24 API calls 97153->97154 97155 a72d44 97154->97155 97233 a33084 22 API calls 97155->97233 97156 a32f21 97159 a3a961 22 API calls 97156->97159 97158 a72d50 97234 a3a8c7 22 API calls __fread_nolock 97158->97234 97161 a32f3f 97159->97161 97217 a33084 22 API calls 97161->97217 97162 a72d5e 97235 a33084 22 API calls 97162->97235 97165 a32f4b 97218 a54a28 40 API calls 3 library calls 97165->97218 97166 a72d6d 97236 a3a8c7 22 API calls __fread_nolock 97166->97236 97168 a32f59 97168->97142 97169 a32f63 97168->97169 97219 a54a28 40 API calls 3 library calls 97169->97219 97172 a32f6e 97172->97148 97174 a32f78 97172->97174 97173 a72d83 97237 a33084 22 API calls 97173->97237 97220 a54a28 40 API calls 3 library calls 97174->97220 97177 a72d90 97178 a32f83 97178->97153 97179 a32f8d 97178->97179 97221 a54a28 40 API calls 3 library calls 97179->97221 97181 a32fdc 97181->97166 97183 a32fe8 97181->97183 97182 a32f98 97182->97181 97222 a33084 22 API calls 97182->97222 97183->97177 97225 a363eb 22 API calls 97183->97225 97186 a32fbf 97223 a3a8c7 22 API calls __fread_nolock 97186->97223 97187 a32ff8 97226 a36a50 22 API calls 97187->97226 97190 a32fcd 97224 a33084 22 API calls 97190->97224 97191 a33006 97227 a370b0 23 API calls 97191->97227 97196 a33021 97197 a33065 97196->97197 97228 a36f88 22 
API calls 97196->97228 97229 a370b0 23 API calls 97196->97229 97230 a33084 22 API calls 97196->97230 97200 a34af0 __wsopen_s 97199->97200 97201 a36b57 22 API calls 97200->97201 97202 a34b22 97200->97202 97201->97202 97212 a34b58 97202->97212 97238 a34c6d 97202->97238 97204 a39cb3 22 API calls 97206 a34c52 97204->97206 97205 a39cb3 22 API calls 97205->97212 97207 a3515f 22 API calls 97206->97207 97210 a34c5e 97207->97210 97208 a34c6d 22 API calls 97208->97212 97209 a3515f 22 API calls 97209->97212 97210->97124 97211 a34c29 97211->97204 97211->97210 97212->97205 97212->97208 97212->97209 97212->97211 97213->97137 97214->97141 97215->97147 97216->97156 97217->97165 97218->97168 97219->97172 97220->97178 97221->97182 97222->97186 97223->97190 97224->97181 97225->97187 97226->97191 97227->97196 97228->97196 97229->97196 97230->97196 97231->97148 97232->97153 97233->97158 97234->97162 97235->97166 97236->97173 97237->97177 97239 a3aec9 22 API calls 97238->97239 97240 a34c78 97239->97240 97240->97202 97241 a33156 97244 a33170 97241->97244 97245 a33187 97244->97245 97246 a331eb 97245->97246 97247 a3318c 97245->97247 97284 a331e9 97245->97284 97249 a331f1 97246->97249 97250 a72dfb 97246->97250 97251 a33265 PostQuitMessage 97247->97251 97252 a33199 97247->97252 97248 a331d0 DefWindowProcW 97286 a3316a 97248->97286 97253 a331f8 97249->97253 97254 a3321d SetTimer RegisterWindowMessageW 97249->97254 97292 a318e2 10 API calls 97250->97292 97251->97286 97256 a331a4 97252->97256 97257 a72e7c 97252->97257 97258 a33201 KillTimer 97253->97258 97259 a72d9c 97253->97259 97261 a33246 CreatePopupMenu 97254->97261 97254->97286 97262 a331ae 97256->97262 97263 a72e68 97256->97263 97296 a9bf30 34 API calls ___scrt_fastfail 97257->97296 97267 a330f2 Shell_NotifyIconW 97258->97267 97265 a72dd7 MoveWindow 97259->97265 97266 a72da1 97259->97266 97260 a72e1c 97293 a4e499 42 API calls 97260->97293 97261->97286 97270 a72e4d 97262->97270 97271 a331b9 97262->97271 97295 a9c161 27 API calls 
___scrt_fastfail 97263->97295 97265->97286 97273 a72da7 97266->97273 97274 a72dc6 SetFocus 97266->97274 97275 a33214 97267->97275 97270->97248 97294 a90ad7 22 API calls 97270->97294 97277 a331c4 97271->97277 97278 a33253 97271->97278 97272 a72e8e 97272->97248 97272->97286 97273->97277 97279 a72db0 97273->97279 97274->97286 97289 a33c50 DeleteObject DestroyWindow 97275->97289 97276 a33263 97276->97286 97277->97248 97285 a330f2 Shell_NotifyIconW 97277->97285 97290 a3326f 44 API calls ___scrt_fastfail 97278->97290 97291 a318e2 10 API calls 97279->97291 97284->97248 97287 a72e41 97285->97287 97288 a33837 49 API calls 97287->97288 97288->97284 97289->97286 97290->97276 97291->97286 97292->97260 97293->97277 97294->97284 97295->97276 97296->97272 97297 a3105b 97302 a3344d 97297->97302 97299 a3106a 97333 a500a3 29 API calls __onexit 97299->97333 97301 a31074 97303 a3345d __wsopen_s 97302->97303 97304 a3a961 22 API calls 97303->97304 97305 a33513 97304->97305 97306 a33a5a 24 API calls 97305->97306 97307 a3351c 97306->97307 97334 a33357 97307->97334 97310 a333c6 22 API calls 97311 a33535 97310->97311 97312 a3515f 22 API calls 97311->97312 97313 a33544 97312->97313 97314 a3a961 22 API calls 97313->97314 97315 a3354d 97314->97315 97316 a3a6c3 22 API calls 97315->97316 97317 a33556 RegOpenKeyExW 97316->97317 97318 a73176 RegQueryValueExW 97317->97318 97322 a33578 97317->97322 97319 a73193 97318->97319 97320 a7320c RegCloseKey 97318->97320 97321 a4fe0b 22 API calls 97319->97321 97320->97322 97330 a7321e _wcslen 97320->97330 97323 a731ac 97321->97323 97322->97299 97324 a35722 22 API calls 97323->97324 97325 a731b7 RegQueryValueExW 97324->97325 97326 a731d4 97325->97326 97329 a731ee ISource 97325->97329 97327 a36b57 22 API calls 97326->97327 97327->97329 97328 a34c6d 22 API calls 97328->97330 97329->97320 97330->97322 97330->97328 97331 a39cb3 22 API calls 97330->97331 97332 a3515f 22 API calls 97330->97332 97331->97330 97332->97330 97333->97301 97335 a71f50 __wsopen_s 
97334->97335 97336 a33364 GetFullPathNameW 97335->97336 97337 a33386 97336->97337 97338 a36b57 22 API calls 97337->97338 97339 a333a4 97338->97339 97339->97310 97340 a31098 97345 a342de 97340->97345 97344 a310a7 97346 a3a961 22 API calls 97345->97346 97347 a342f5 GetVersionExW 97346->97347 97348 a36b57 22 API calls 97347->97348 97349 a34342 97348->97349 97350 a393b2 22 API calls 97349->97350 97362 a34378 97349->97362 97351 a3436c 97350->97351 97353 a337a0 22 API calls 97351->97353 97352 a3441b GetCurrentProcess IsWow64Process 97354 a34437 97352->97354 97353->97362 97355 a73824 GetSystemInfo 97354->97355 97356 a3444f LoadLibraryA 97354->97356 97357 a34460 GetProcAddress 97356->97357 97358 a3449c GetSystemInfo 97356->97358 97357->97358 97361 a34470 GetNativeSystemInfo 97357->97361 97359 a34476 97358->97359 97363 a3109d 97359->97363 97364 a3447a FreeLibrary 97359->97364 97360 a737df 97361->97359 97362->97352 97362->97360 97365 a500a3 29 API calls __onexit 97363->97365 97364->97363 97365->97344 97366 a3f7bf 97367 a3f7d3 97366->97367 97368 a3fcb6 97366->97368 97370 a3fcc2 97367->97370 97371 a4fddb 22 API calls 97367->97371 97403 a3aceb 23 API calls ISource 97368->97403 97404 a3aceb 23 API calls ISource 97370->97404 97373 a3f7e5 97371->97373 97373->97370 97374 a3f83e 97373->97374 97375 a3fd3d 97373->97375 97377 a41310 185 API calls 97374->97377 97398 a3ed9d ISource 97374->97398 97405 aa1155 22 API calls 97375->97405 97400 a3ec76 ISource 97377->97400 97379 a3fef7 97379->97398 97407 a3a8c7 22 API calls __fread_nolock 97379->97407 97380 a4fddb 22 API calls 97380->97400 97382 a84b0b 97409 aa359c 82 API calls __wsopen_s 97382->97409 97383 a3a8c7 22 API calls 97383->97400 97384 a84600 97384->97398 97406 a3a8c7 22 API calls __fread_nolock 97384->97406 97390 a3fbe3 97392 a84bdc 97390->97392 97390->97398 97399 a3f3ae ISource 97390->97399 97391 a3a961 22 API calls 97391->97400 97410 aa359c 82 API calls __wsopen_s 97392->97410 97394 a500a3 29 API calls pre_c_initialization 
97394->97400 97395 a50242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97395->97400 97396 a501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97396->97400 97397 a84beb 97411 aa359c 82 API calls __wsopen_s 97397->97411 97399->97398 97408 aa359c 82 API calls __wsopen_s 97399->97408 97400->97379 97400->97380 97400->97382 97400->97383 97400->97384 97400->97390 97400->97391 97400->97394 97400->97395 97400->97396 97400->97397 97400->97398 97400->97399 97401 a401e0 185 API calls 2 library calls 97400->97401 97402 a406a0 41 API calls ISource 97400->97402 97401->97400 97402->97400 97403->97370 97404->97375 97405->97398 97406->97398 97407->97398 97408->97398 97409->97398 97410->97397 97411->97398 97412 a83f75 97423 a4ceb1 97412->97423 97414 a83f8b 97415 a84006 97414->97415 97432 a4e300 23 API calls 97414->97432 97418 a3bf40 185 API calls 97415->97418 97417 a83fe6 97420 a84052 97417->97420 97433 aa1abf 22 API calls 97417->97433 97418->97420 97421 a84a88 97420->97421 97434 aa359c 82 API calls __wsopen_s 97420->97434 97424 a4ced2 97423->97424 97425 a4cebf 97423->97425 97426 a4cf05 97424->97426 97427 a4ced7 97424->97427 97435 a3aceb 23 API calls ISource 97425->97435 97436 a3aceb 23 API calls ISource 97426->97436 97429 a4fddb 22 API calls 97427->97429 97431 a4cec9 97429->97431 97431->97414 97432->97417 97433->97415 97434->97421 97435->97431 97436->97431 97437 a503fb 97438 a50407 ___scrt_is_nonwritable_in_current_image 97437->97438 97466 a4feb1 97438->97466 97440 a5040e 97441 a50561 97440->97441 97444 a50438 97440->97444 97496 a5083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97441->97496 97443 a50568 97489 a54e52 97443->97489 97454 a50477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 97444->97454 97477 a6247d 97444->97477 97451 a50457 97453 a504d8 97485 a50959 97453->97485 97454->97453 
97492 a54e1a 38 API calls 2 library calls 97454->97492 97457 a504de 97458 a504f3 97457->97458 97493 a50992 GetModuleHandleW 97458->97493 97460 a504fa 97460->97443 97461 a504fe 97460->97461 97462 a50507 97461->97462 97494 a54df5 28 API calls _abort 97461->97494 97495 a50040 13 API calls 2 library calls 97462->97495 97465 a5050f 97465->97451 97467 a4feba 97466->97467 97498 a50698 IsProcessorFeaturePresent 97467->97498 97469 a4fec6 97499 a52c94 10 API calls 3 library calls 97469->97499 97471 a4fecb 97472 a4fecf 97471->97472 97500 a62317 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97471->97500 97472->97440 97474 a4fed8 97475 a4fee6 97474->97475 97501 a52cbd 8 API calls 3 library calls 97474->97501 97475->97440 97478 a62494 97477->97478 97502 a50a8c 97478->97502 97480 a50451 97480->97451 97481 a62421 97480->97481 97482 a62450 97481->97482 97483 a50a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97482->97483 97484 a62479 97483->97484 97484->97454 97510 a52340 97485->97510 97488 a5097f 97488->97457 97512 a54bcf 97489->97512 97492->97453 97493->97460 97494->97462 97495->97465 97496->97443 97498->97469 97499->97471 97500->97474 97501->97472 97503 a50a95 97502->97503 97504 a50a97 IsProcessorFeaturePresent 97502->97504 97503->97480 97506 a50c5d 97504->97506 97509 a50c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97506->97509 97508 a50d40 97508->97480 97509->97508 97511 a5096c GetStartupInfoW 97510->97511 97511->97488 97513 a54bdb _abort 97512->97513 97514 a54bf4 97513->97514 97515 a54be2 97513->97515 97536 a62f5e EnterCriticalSection 97514->97536 97551 a54d29 GetModuleHandleW 97515->97551 97518 a54be7 97518->97514 97552 a54d6d GetModuleHandleExW 97518->97552 97519 a54c99 97540 a54cd9 97519->97540 97523 a54c70 97527 a54c88 97523->97527 97532 a62421 _abort 5 API calls 97523->97532 97525 a54cb6 97543 a54ce8 97525->97543 97526 a54ce2 97560 
a71d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 97526->97560 97533 a62421 _abort 5 API calls 97527->97533 97528 a54bfb 97528->97519 97528->97523 97537 a621a8 97528->97537 97532->97527 97533->97519 97536->97528 97561 a61ee1 97537->97561 97580 a62fa6 LeaveCriticalSection 97540->97580 97542 a54cb2 97542->97525 97542->97526 97581 a6360c 97543->97581 97546 a54d16 97549 a54d6d _abort 8 API calls 97546->97549 97547 a54cf6 GetPEB 97547->97546 97548 a54d06 GetCurrentProcess TerminateProcess 97547->97548 97548->97546 97550 a54d1e ExitProcess 97549->97550 97551->97518 97553 a54d97 GetProcAddress 97552->97553 97554 a54dba 97552->97554 97558 a54dac 97553->97558 97555 a54dc0 FreeLibrary 97554->97555 97556 a54dc9 97554->97556 97555->97556 97557 a50a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97556->97557 97559 a54bf3 97557->97559 97558->97554 97559->97514 97564 a61e90 97561->97564 97563 a61f05 97563->97523 97565 a61e9c ___scrt_is_nonwritable_in_current_image 97564->97565 97572 a62f5e EnterCriticalSection 97565->97572 97567 a61eaa 97573 a61f31 97567->97573 97571 a61ec8 __wsopen_s 97571->97563 97572->97567 97576 a61f59 97573->97576 97578 a61f51 97573->97578 97574 a50a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97575 a61eb7 97574->97575 97579 a61ed5 LeaveCriticalSection _abort 97575->97579 97577 a629c8 _free 20 API calls 97576->97577 97576->97578 97577->97578 97578->97574 97579->97571 97580->97542 97582 a63627 97581->97582 97583 a63631 97581->97583 97585 a50a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97582->97585 97588 a62fd7 5 API calls 2 library calls 97583->97588 97587 a54cf2 97585->97587 97586 a63648 97586->97582 97587->97546 97587->97547 97588->97586

                                                                Control-flow Graph
                                                                (Function a342de-a344a6; the executed/not-executed graph rendering is not reproduced here.) The executed path calls GetVersionExW, then GetCurrentProcess and IsWow64Process. It then loads kernel32.dll with LoadLibraryA and resolves GetNativeSystemInfo with GetProcAddress; if the module loads and the export is found it calls GetNativeSystemInfo, otherwise it falls back to GetSystemInfo, and finally releases the module with FreeLibrary. This is the usual pattern for learning the real processor architecture from a 32-bit process that may be running under WOW64.
                                                                APIs
                                                                • GetVersionExW.KERNEL32(?), ref: 00A3430D
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                • GetCurrentProcess.KERNEL32(?,00ACCB64,00000000,?,?), ref: 00A34422
                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 00A34429
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A34454
                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A34466
                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00A34474
                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 00A3447B
                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 00A344A0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                • API String ID: 3290436268-3101561225
                                                                • Opcode ID: 13a1ed120ac3c13754136dbb5a0e941f792f89453d8d5ce34903c890f2498c16
                                                                • Instruction ID: d10cef8ed80d8b9d4d384ec5b1b1d8b5a5483bb6cb05e5ab80ea1deb5d036807
                                                                • Opcode Fuzzy Hash: 13a1ed120ac3c13754136dbb5a0e941f792f89453d8d5ce34903c890f2498c16
                                                                • Instruction Fuzzy Hash: 80A1957290A2C0FFCB1DC7AD7C815957FE47B3A340F09DCA9E08597A62DA305909DB29

                                                                Control-flow Graph
                                                                (Function a342a2-a342dd; the executed/not-executed graph rendering is not reproduced here.) The function creates an in-memory stream with CreateStreamOnHGlobal, then looks up a resource of type 10 (RT_RCDATA) named "SCRIPT" with FindResourceExW. When the resource exists it calls LoadResource, SizeofResource and LockResource in turn and continues at a735f4 with the locked resource bytes; any failure along the way returns early at a342d9. An RCDATA resource named "SCRIPT" is where AutoIt-compiled executables carry the embedded script, which matches the "compiled AutoIt script" signature in this report.
                                                                APIs
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00A350AA,?,?,00000000,00000000), ref: 00A342B2
                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A350AA,?,?,00000000,00000000), ref: 00A342C9
                                                                • LoadResource.KERNEL32(?,00000000,?,?,00A350AA,?,?,00000000,00000000,?,?,?,?,?,?,00A34F20), ref: 00A735BE
                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00A350AA,?,?,00000000,00000000,?,?,?,?,?,?,00A34F20), ref: 00A735D3
                                                                • LockResource.KERNEL32(00A350AA,?,?,00A350AA,?,?,00000000,00000000,?,?,?,?,?,?,00A34F20,?), ref: 00A735E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                • String ID: SCRIPT
                                                                • API String ID: 3051347437-3967369404
                                                                • Opcode ID: 8de3b97afd6b5ac29c013ded9ea6333aed372651aaf710dd1ed908820b8692a5
                                                                • Instruction ID: 26942d125bea45043d055824e7a4d607bd75dfce8e5afdd561d7e9eceaf437b8
                                                                • Opcode Fuzzy Hash: 8de3b97afd6b5ac29c013ded9ea6333aed372651aaf710dd1ed908820b8692a5
                                                                • Instruction Fuzzy Hash: 81117C71200700BFDB219BAADC48FA77BBDEBCAB61F158169F41696650DB71EC018A20
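The function above is the AutoIt runtime locating its embedded compiled script: FindResourceExW is called with type 0x0A (RT_RCDATA) and the name SCRIPT, LoadResource/SizeofResource/LockResource map the resource, and CreateStreamOnHGlobal provides the in-memory stream the runtime reads it through. A static triage check that falls out of this is to look for that resource in a suspect binary without executing it. The Python below is an added example, not code from the Joe Sandbox report or from AutoIt; it walks the PE resource directory by hand (no pefile dependency) and returns the bytes of the RT_RCDATA/SCRIPT entry if one exists. `build_sample_pe` is a constructed test input, a minimal PE32 with a single .rsrc section carrying a made-up payload; it does not reproduce AutoIt's real script header, so the payload contents are not meaningful beyond round-tripping.

```python
import struct

RT_RCDATA = 10  # resource type 0x0A, the value passed to FindResourceExW above


def _headers(pe: bytes):
    """Return (optional-header offset, number of sections, section-table offset)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                       # optional header follows the 20-byte file header
    return opt, num_sections, opt + opt_size  # section table follows the optional header


def _rva_to_offset(pe: bytes, rva: int) -> int:
    """Map an RVA to a file offset using the section table."""
    _, num_sections, sec_table = _headers(pe)
    for i in range(num_sections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, sec_table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _resource_dir_rva(pe: bytes):
    """RVA of the resource directory (data directory index 2), or None if absent."""
    opt, _, _ = _headers(pe)
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+ layout
    if struct.unpack_from("<I", pe, dd_base - 4)[0] < 3:   # NumberOfRvaAndSizes
        return None
    return struct.unpack_from("<I", pe, dd_base + 2 * 8)[0] or None


def _entries(pe: bytes, root: int, dir_off: int):
    """Yield (name_or_id, offset, is_subdirectory) for one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_ids = struct.unpack_from("<HH", pe, root + dir_off + 12)
    for i in range(n_named + n_ids):
        name, data = struct.unpack_from("<II", pe, root + dir_off + 16 + 8 * i)
        if name & 0x80000000:                   # high bit set: IMAGE_RESOURCE_DIR_STRING_U
            s = root + (name & 0x7FFFFFFF)
            length = struct.unpack_from("<H", pe, s)[0]
            name = pe[s + 2:s + 2 + 2 * length].decode("utf-16-le")
        yield name, data & 0x7FFFFFFF, bool(data & 0x80000000)


def find_autoit_script_resource(pe: bytes):
    """Return the bytes of the RT_RCDATA resource named SCRIPT, or None if there is none."""
    rva = _resource_dir_rva(pe)
    if rva is None:
        return None
    root = _rva_to_offset(pe, rva)              # directory offsets are relative to this root
    for rtype, type_dir, type_is_dir in _entries(pe, root, 0):
        if rtype != RT_RCDATA or not type_is_dir:
            continue
        for rname, name_dir, name_is_dir in _entries(pe, root, type_dir):
            if rname != "SCRIPT" or not name_is_dir:
                continue
            for _lang, entry, entry_is_dir in _entries(pe, root, name_dir):
                if entry_is_dir:
                    continue
                data_rva, size = struct.unpack_from("<II", pe, root + entry)  # IMAGE_RESOURCE_DATA_ENTRY
                start = _rva_to_offset(pe, data_rva)
                return pe[start:start + size]
    return None


def build_sample_pe(payload: bytes, name: str = "SCRIPT") -> bytes:
    """Constructed test input (not a real AutoIt binary): a minimal PE32 whose only
    section is .rsrc, holding one RT_RCDATA resource called `name` that points at `payload`."""
    assert len(name) <= 7, "name string must fit in the 16-byte slot at 0x30"
    RSRC_RVA, RSRC_RAW = 0x2000, 0x200
    rsrc = bytearray(0x68)
    # 0x00 root directory: one ID entry, type RT_RCDATA -> subdirectory at 0x18
    struct.pack_into("<IIHHHH", rsrc, 0x00, 0, 0, 0, 0, 0, 1)
    struct.pack_into("<II", rsrc, 0x10, RT_RCDATA, 0x80000000 | 0x18)
    # 0x18 type directory: one named entry (string at 0x30) -> subdirectory at 0x40
    struct.pack_into("<IIHHHH", rsrc, 0x18, 0, 0, 0, 0, 1, 0)
    struct.pack_into("<II", rsrc, 0x28, 0x80000000 | 0x30, 0x80000000 | 0x40)
    encoded = name.encode("utf-16-le")
    struct.pack_into("<H", rsrc, 0x30, len(name))
    rsrc[0x32:0x32 + len(encoded)] = encoded
    # 0x40 language directory: one ID entry (language 0) -> data entry at 0x58
    struct.pack_into("<IIHHHH", rsrc, 0x40, 0, 0, 0, 0, 0, 1)
    struct.pack_into("<II", rsrc, 0x50, 0, 0x58)
    # 0x58 data entry: RVA and size of the payload that follows at 0x68
    struct.pack_into("<IIII", rsrc, 0x58, RSRC_RVA + 0x68, len(payload), 0, 0)
    rsrc += payload

    hdr = bytearray(RSRC_RAW)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                           # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, one section
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                           # PE32 magic
    struct.pack_into("<I", hdr, opt + 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 2 * 8, RSRC_RVA, len(rsrc))  # resource data directory
    sec = opt + 224
    hdr[sec:sec + 8] = b".rsrc\0\0\0"
    struct.pack_into("<IIII", hdr, sec + 8, len(rsrc), RSRC_RVA, len(rsrc), RSRC_RAW)
    return bytes(hdr) + bytes(rsrc)


if __name__ == "__main__":
    sample = build_sample_pe(b"constructed fake script blob")
    blob = find_autoit_script_resource(sample)
    print("SCRIPT resource:", None if blob is None else f"{len(blob)} bytes")
```

Run it against a real sample with `find_autoit_script_resource(open(path, "rb").read())`; a non-None result is the same resource the runtime fetches at 00A342C9, which can then be handed to a compiled-AutoIt decompiler. The walker deliberately ignores the language level's ID, since the value is irrelevant to the check.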

                                                                Control-flow Graph

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A32B6B
                                                                  • Part of subcall function 00A33A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B01418,?,00A32E7F,?,?,?,00000000), ref: 00A33A78
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00AF2224), ref: 00A72C10
                                                                • ShellExecuteW.SHELL32(00000000,?,?,00AF2224), ref: 00A72C17
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                • String ID: runas
                                                                • API String ID: 448630720-4000483414
                                                                • Opcode ID: 756943a86ef73b290e959126421173fed422081ff46a70358548714df4620b1e
                                                                • Instruction ID: c4577c50c7d0a9235e75ed1e1677b1378e7b55e054214ec94dfe0aba782d6eab
                                                                • Opcode Fuzzy Hash: 756943a86ef73b290e959126421173fed422081ff46a70358548714df4620b1e
                                                                • Instruction Fuzzy Hash: EB11D63250C3456ACB08FF64DA56EBEBBA4AB91350F04582DF186571A2CF618A0ADB12

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00A9D501
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00A9D50F
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00A9D52F
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00A9D5DC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 3243318325-0
                                                                • Opcode ID: f336e0c1d174fd1b7ba4ef25d0505cbe2a9ac22fecad55e02b3f4e036d79ccde
                                                                • Instruction ID: 92030ef733f2016aa4add1b54cb414e3b6b50c635e697f944d624108c4a7afc1
                                                                • Opcode Fuzzy Hash: f336e0c1d174fd1b7ba4ef25d0505cbe2a9ac22fecad55e02b3f4e036d79ccde
                                                                • Instruction Fuzzy Hash: 3E319C711083009FD700EF64C985AAFBBF8EFD9354F14092DF585861A1EB719A89CBA3

                                                                Control-flow Graph

                                                                Control-flow graph (rendered image not captured): lstrlenW, then GetFileAttributesW, FindFirstFileW and FindClose; a failed attribute lookup or find skips the remaining calls and falls through to the exit block.
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,00A75222), ref: 00A9DBCE
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00A9DBDD
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00A9DBEE
                                                                • FindClose.KERNEL32(00000000), ref: 00A9DBFA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                • String ID:
                                                                • API String ID: 2695905019-0
                                                                • Opcode ID: fe755e14b696a1c62d35edc88e1ee9031a5b73f21ffe48b4bfc4abd046c691d3
                                                                • Instruction ID: d2466f8b51edd9311e138dc8ce0b72cd6700de6647df4a32edd0e5d2ae83148e
                                                                • Opcode Fuzzy Hash: fe755e14b696a1c62d35edc88e1ee9031a5b73f21ffe48b4bfc4abd046c691d3
                                                                • Instruction Fuzzy Hash: F1F0A93081091067CA20ABB8EC0D8AA77AC9E02334B144702F83AC20E0EBB099968696
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00A628E9,?,00A54CBE,00A628E9,00AF88B8,0000000C,00A54E15,00A628E9,00000002,00000000,?,00A628E9), ref: 00A54D09
                                                                • TerminateProcess.KERNEL32(00000000,?,00A54CBE,00A628E9,00AF88B8,0000000C,00A54E15,00A628E9,00000002,00000000,?,00A628E9), ref: 00A54D10
                                                                • ExitProcess.KERNEL32 ref: 00A54D22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: a70386c5fcb5fe97d18c4e40e0dc8f19e49dc7d5afb4136156c20c3940e8b1c2
                                                                • Instruction ID: d9f02add53db5d88b358cb6ca3437ee8ce878744e5cc689603cf51732a8fbfde
                                                                • Opcode Fuzzy Hash: a70386c5fcb5fe97d18c4e40e0dc8f19e49dc7d5afb4136156c20c3940e8b1c2
                                                                • Instruction Fuzzy Hash: C3E0B632400148AFCF11AF94EE09E597B79FB45796B154018FC198B222CB3ADD87CA90
                                                                APIs
                                                                • GetInputState.USER32 ref: 00A3D807
                                                                • timeGetTime.WINMM ref: 00A3DA07
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A3DB28
                                                                • TranslateMessage.USER32(?), ref: 00A3DB7B
                                                                • DispatchMessageW.USER32(?), ref: 00A3DB89
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A3DB9F
                                                                • Sleep.KERNEL32(0000000A), ref: 00A3DBB1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                • String ID:
                                                                • API String ID: 2189390790-0
                                                                • Opcode ID: 9b8ed32eb6b353af8c911b0fe3316a7474286e5c5665c8e46bb8b8e9c3101a12
                                                                • Instruction ID: 16100fc05b720c45c2af3f19c24db7ca9975624bd10ec7dabe22042bcdb5ca37
                                                                • Opcode Fuzzy Hash: 9b8ed32eb6b353af8c911b0fe3316a7474286e5c5665c8e46bb8b8e9c3101a12
                                                                • Instruction Fuzzy Hash: 0F42BD70608341EFD728DF24D988BBABBE4BF85314F148A59F4A687291D770E845CB92

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A32D07
                                                                • RegisterClassExW.USER32(00000030), ref: 00A32D31
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A32D42
                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00A32D5F
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A32D6F
                                                                • LoadIconW.USER32(000000A9), ref: 00A32D85
                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A32D94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                • API String ID: 2914291525-1005189915
                                                                • Opcode ID: e55f0ed0f63f7f7d50dacc560c95f90945444777d98bd4264c43a9e6e9ed2f33
                                                                • Instruction ID: ce2b8de4482d8b423843116af4530f6104121302efe09d8d681043f3a38a377c
                                                                • Opcode Fuzzy Hash: e55f0ed0f63f7f7d50dacc560c95f90945444777d98bd4264c43a9e6e9ed2f33
                                                                • Instruction Fuzzy Hash: 4A21B2B5D01318AFDB00DFE8EC49B9DBBB8FB08710F01451AF615A72A0DBB145468F95

                                                                Control-flow Graph

                                                                Control-flow graph (rendered image not captured): the file is opened through the CreateFileW subcall at 00A7039A and the handle validated with GetFileType; on each failure path GetLastError is mapped through __dosmaperr and any open handle is closed with CloseHandle before returning.
                                                                APIs
                                                                  • Part of subcall function 00A7039A: CreateFileW.KERNEL32(00000000,00000000,?,00A70704,?,?,00000000,?,00A70704,00000000,0000000C), ref: 00A703B7
                                                                • GetLastError.KERNEL32 ref: 00A7076F
                                                                • __dosmaperr.LIBCMT ref: 00A70776
                                                                • GetFileType.KERNEL32(00000000), ref: 00A70782
                                                                • GetLastError.KERNEL32 ref: 00A7078C
                                                                • __dosmaperr.LIBCMT ref: 00A70795
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A707B5
                                                                • CloseHandle.KERNEL32(?), ref: 00A708FF
                                                                • GetLastError.KERNEL32 ref: 00A70931
                                                                • __dosmaperr.LIBCMT ref: 00A70938
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175
                                                                • Opcode ID: da3f0f4001e5dda17288d55c99d8b8b093379d9d5dd543bd74634ba9e6867695
                                                                • Instruction ID: 518ae976c7f91890e4d6f1c5ae539805a5fb275fa730a78eb89680915de8c3ae
                                                                • Opcode Fuzzy Hash: da3f0f4001e5dda17288d55c99d8b8b093379d9d5dd543bd74634ba9e6867695
                                                                • Instruction Fuzzy Hash: 4FA11232A101498FDF19EF68DC51BAE7BB0AB16320F14815DF81A9F392DB319812CB91

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00A33A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B01418,?,00A32E7F,?,?,?,00000000), ref: 00A33A78
                                                                  • Part of subcall function 00A33357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A33379
                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A3356A
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A7318D
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A731CE
                                                                • RegCloseKey.ADVAPI32(?), ref: 00A73210
                                                                • _wcslen.LIBCMT ref: 00A73277
                                                                • _wcslen.LIBCMT ref: 00A73286
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                • API String ID: 98802146-2727554177
                                                                • Opcode ID: a4d1b67b8fe45627c1fe06123883f6ab4fbc77ffe3b945d7941cfbfe1c67886a
                                                                • Instruction ID: e057066d263ddf8e683dbe0dd30ce60081c58e9719687313045e4a817e0ddddd
                                                                • Opcode Fuzzy Hash: a4d1b67b8fe45627c1fe06123883f6ab4fbc77ffe3b945d7941cfbfe1c67886a
                                                                • Instruction Fuzzy Hash: 6F71B4724043009EC704EF65DD869ABBBE8FFA4350F40482EF549971A1EF749A4CCB56

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A32B8E
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00A32B9D
                                                                • LoadIconW.USER32(00000063), ref: 00A32BB3
                                                                • LoadIconW.USER32(000000A4), ref: 00A32BC5
                                                                • LoadIconW.USER32(000000A2), ref: 00A32BD7
                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A32BEF
                                                                • RegisterClassExW.USER32(?), ref: 00A32C40
                                                                  • Part of subcall function 00A32CD4: GetSysColorBrush.USER32(0000000F), ref: 00A32D07
                                                                  • Part of subcall function 00A32CD4: RegisterClassExW.USER32(00000030), ref: 00A32D31
                                                                  • Part of subcall function 00A32CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A32D42
                                                                  • Part of subcall function 00A32CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A32D5F
                                                                  • Part of subcall function 00A32CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A32D6F
                                                                  • Part of subcall function 00A32CD4: LoadIconW.USER32(000000A9), ref: 00A32D85
                                                                  • Part of subcall function 00A32CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A32D94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                • String ID: #$0$AutoIt v3
                                                                • API String ID: 423443420-4155596026
                                                                • Opcode ID: 2ed193f708c6df50d89efecdb1f630d96f6b71e77336a54e0fe1a35f3a5b90e7
                                                                • Instruction ID: 1c95f1528496a6cfee61ec7ea741dddb55ab726b2c5c1e74d90fba060a387c80
                                                                • Opcode Fuzzy Hash: 2ed193f708c6df50d89efecdb1f630d96f6b71e77336a54e0fe1a35f3a5b90e7
                                                                • Instruction Fuzzy Hash: B1210771E00318BBDB18DFA9EC59AA97FF4FB58B50F04041AF505A76A0DBB14541CF98

                                                                Control-flow Graph
                                                                • Function starting at 00A33170 (rendered graph not reproduced; its nodes reference DefWindowProcW, PostQuitMessage, SetTimer, RegisterWindowMessageW, CreatePopupMenu, KillTimer, MoveWindow and SetFocus)
                                                                APIs
                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A3316A,?,?), ref: 00A331D8
                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,00A3316A,?,?), ref: 00A33204
                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A33227
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A3316A,?,?), ref: 00A33232
                                                                • CreatePopupMenu.USER32 ref: 00A33246
                                                                • PostQuitMessage.USER32(00000000), ref: 00A33267
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                • String ID: TaskbarCreated
                                                                • API String ID: 129472671-2362178303
                                                                • Opcode ID: 6baff048ed635a9fdb3d2d7834da026709099cabaea9acd27e8e7e3c8cb12621
                                                                • Instruction ID: 04fceb19156d2f5e94928fc97db46edf55509ed15a218608871efad9919524c6
                                                                • Opcode Fuzzy Hash: 6baff048ed635a9fdb3d2d7834da026709099cabaea9acd27e8e7e3c8cb12621
                                                                • Instruction Fuzzy Hash: 75413933648200BBDF185BBC9D0DBBE3B69EB25350F048625F60A872E1DF718E4197A5

                                                                Control-flow Graph
                                                                • Function starting at 00A31410 (rendered graph not reproduced; its nodes reference mciSendStringW, DestroyWindow, UnregisterHotKey, FindClose, FreeLibrary, VirtualFree and OleUninitialize)
                                                                APIs
                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A31459
                                                                • OleUninitialize.OLE32(?,00000000), ref: 00A314F8
                                                                • UnregisterHotKey.USER32(?), ref: 00A316DD
                                                                • DestroyWindow.USER32(?), ref: 00A724B9
                                                                • FreeLibrary.KERNEL32(?), ref: 00A7251E
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A7254B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                • String ID: close all
                                                                • API String ID: 469580280-3243417748
                                                                • Opcode ID: d7da564ba0c79a17b263276881a51d747ad7685ff077b81f427aa6e9b9852954
                                                                • Instruction ID: 76bb827d60ba87fad20dcfc4b604ebd5ae94113aa6872f351b6c16aec5070290
                                                                • Opcode Fuzzy Hash: d7da564ba0c79a17b263276881a51d747ad7685ff077b81f427aa6e9b9852954
                                                                • Instruction Fuzzy Hash: BED18A31701212CFCB29EF55C999B29F7A4BF45710F1582ADF44AAB252DB30AD12CF91

                                                                Control-flow Graph
                                                                • Function starting at 00A32C63, single block 00A32C63-00A32CD3 (rendered graph not reproduced; the block calls CreateWindowExW twice and ShowWindow twice)
                                                                APIs
                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A32C91
                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A32CB2
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A31CAD,?), ref: 00A32CC6
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A31CAD,?), ref: 00A32CCF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$CreateShow
                                                                • String ID: AutoIt v3$edit
                                                                • API String ID: 1584632944-3779509399
                                                                • Opcode ID: 1a1d1f48c54375e2d7b6917c805162f1d03697864fe913d7a58de80a8c549fb4
                                                                • Instruction ID: 2701f6c5434746ccf53c3079021e647270e577f00c78258a963b8f3b07b787d0
                                                                • Opcode Fuzzy Hash: 1a1d1f48c54375e2d7b6917c805162f1d03697864fe913d7a58de80a8c549fb4
                                                                • Instruction Fuzzy Hash: C6F05E755403907AEB30071BAC08F773EBDD7D6F60F01041EF904A35A0DA710841DAB8

                                                                Control-flow Graph
                                                                • Function starting at 00ABAD64 (rendered graph not reproduced; its nodes reference ShellExecuteExW, GetProcessId and CloseHandle)
                                                                APIs
                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00ABAEA3
                                                                  • Part of subcall function 00A37620: _wcslen.LIBCMT ref: 00A37625
                                                                • GetProcessId.KERNEL32(00000000), ref: 00ABAF38
                                                                • CloseHandle.KERNEL32(00000000), ref: 00ABAF67
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                • String ID: <$@
                                                                • API String ID: 146682121-1426351568
                                                                • Opcode ID: f351493345ad037fc81028f930cb06b3c3ba17c3b6ee1490e8ae56ee090ad13c
                                                                • Instruction ID: 66546a692a6f4eb5fa4035040e796b70ddc9c1996b52700252e9b3d2fc30121d
                                                                • Opcode Fuzzy Hash: f351493345ad037fc81028f930cb06b3c3ba17c3b6ee1490e8ae56ee090ad13c
                                                                • Instruction Fuzzy Hash: EC717675A00618DFCB14DFA4C584A9EBBF4FF08310F048499E85AAB3A2CB74ED41CB91

                                                                Control-flow Graph
                                                                • Function starting at 00A33B1C (rendered graph not reproduced; its nodes reference RegOpenKeyExW, RegQueryValueExW and RegCloseKey)
                                                                APIs
                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A33B0F,SwapMouseButtons,00000004,?), ref: 00A33B40
                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A33B0F,SwapMouseButtons,00000004,?), ref: 00A33B61
                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00A33B0F,SwapMouseButtons,00000004,?), ref: 00A33B83
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: Control Panel\Mouse
                                                                • API String ID: 3677997916-824357125
                                                                • Opcode ID: d48ee9382e323b044a470425cafcd68347427f3be7202cbdf5d77e2b370561e1
                                                                • Instruction ID: ac1c93e7d8132a7b76fcf8b99423779e83be3b6127b8be7e7157f81c410dc383
                                                                • Opcode Fuzzy Hash: d48ee9382e323b044a470425cafcd68347427f3be7202cbdf5d77e2b370561e1
                                                                • Instruction Fuzzy Hash: 10112AB6514208FFDF20CFA5DC44EAEB7B8EF04754F104459F806D7110E2719E419760
                                                                APIs
                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A733A2
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A33A04
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                • String ID: Line:
                                                                • API String ID: 2289894680-1585850449
                                                                • Opcode ID: 3c5ddc06692f259539d80dab53e1bd6895abb9c44aed2bc65a2807759bc9114a
                                                                • Instruction ID: ecf448c25cf6d2ba7074a59809463dab3af3e9b50d3ab6adb47ac9b84536dc35
                                                                • Opcode Fuzzy Hash: 3c5ddc06692f259539d80dab53e1bd6895abb9c44aed2bc65a2807759bc9114a
                                                                • Instruction Fuzzy Hash: CC31B27240C304AECB25EB24DC45BEBB7E8AB54714F00892EF59997091EF709A49C7C6
                                                                APIs
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A50668
                                                                  • Part of subcall function 00A532A4: RaiseException.KERNEL32(?,?,?,00A5068A,?,00B01444,?,?,?,?,?,?,00A5068A,00A31129,00AF8738,00A31129), ref: 00A53304
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A50685
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                • String ID: Unknown exception
                                                                • API String ID: 3476068407-410509341
                                                                • Opcode ID: c003f5252862ff3ddb3690e081c82456ab2eac92d1db83c47d832903937f6668
                                                                • Instruction ID: eb45d6316092aa66c1158dab63148d8d0fdbd28641c419b71df59b61445e7a28
                                                                • Opcode Fuzzy Hash: c003f5252862ff3ddb3690e081c82456ab2eac92d1db83c47d832903937f6668
                                                                • Instruction Fuzzy Hash: 4CF0C23490060D7BCF00BBA4D946D9E776C7E80355B604531BD14D6992EFB1DA6DC590
                                                                APIs
                                                                  • Part of subcall function 00A31BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A31BF4
                                                                  • Part of subcall function 00A31BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A31BFC
                                                                  • Part of subcall function 00A31BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A31C07
                                                                  • Part of subcall function 00A31BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A31C12
                                                                  • Part of subcall function 00A31BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A31C1A
                                                                  • Part of subcall function 00A31BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A31C22
                                                                  • Part of subcall function 00A31B4A: RegisterWindowMessageW.USER32(00000004,?,00A312C4), ref: 00A31BA2
                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A3136A
                                                                • OleInitialize.OLE32 ref: 00A31388
                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00A724AB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                • String ID:
                                                                • API String ID: 1986988660-0
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00A685CC,?,00AF8CC8,0000000C), ref: 00A68704
                                                                • GetLastError.KERNEL32(?,00A685CC,?,00AF8CC8,0000000C), ref: 00A6870E
                                                                • __dosmaperr.LIBCMT ref: 00A68739
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                • String ID:
                                                                • API String ID: 490808831-0
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 00A417F6
                                                                Strings
                                                                Similarity
                                                                • API ID: Init_thread_footer
                                                                • String ID: CALL
                                                                • API String ID: 1385522511-4196123274
                                                                APIs
                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00A72C8C
                                                                  • Part of subcall function 00A33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A33A97,?,?,00A32E7F,?,?,?,00000000), ref: 00A33AC2
                                                                  • Part of subcall function 00A32DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A32DC4
                                                                Strings
                                                                Similarity
                                                                • API ID: Name$Path$FileFullLongOpen
                                                                • String ID: X
                                                                • API String ID: 779396738-3081909835
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A33908
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                APIs
                                                                  • Part of subcall function 00A34E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A34EDD,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34E9C
                                                                  • Part of subcall function 00A34E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A34EAE
                                                                  • Part of subcall function 00A34E90: FreeLibrary.KERNEL32(00000000,?,?,00A34EDD,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34EC0
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34EFD
                                                                  • Part of subcall function 00A34E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A73CDE,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34E62
                                                                  • Part of subcall function 00A34E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A34E74
                                                                  • Part of subcall function 00A34E59: FreeLibrary.KERNEL32(00000000,?,?,00A73CDE,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34E87
                                                                Similarity
                                                                • API ID: Library$Load$AddressFreeProc
                                                                • String ID:
                                                                • API String ID: 2632591731-0
                                                                APIs
                                                                Similarity
                                                                • API ID: __wsopen_s
                                                                • String ID:
                                                                • API String ID: 3347428461-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,00B01444,?,00A4FDF5,?,?,00A3A976,00000010,00B01440,00A313FC,?,00A313C6,?,00A31129), ref: 00A63852
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34F6D
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID:
                                                                • API String ID: 3664257935-0
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A3314E
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                APIs
                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A32DC4
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                Similarity
                                                                • API ID: LongNamePath_wcslen
                                                                • String ID:
                                                                • API String ID: 541455249-0
                                                                APIs
                                                                  • Part of subcall function 00A33837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A33908
                                                                  • Part of subcall function 00A3D730: GetInputState.USER32 ref: 00A3D807
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A32B6B
                                                                  • Part of subcall function 00A330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A3314E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                • String ID:
                                                                • API String ID: 3667716007-0
                                                                • Opcode ID: 4b43727202f22c3628825cbbe76569e3cf3423b0c4ff01c6841b51cfce712b6a
                                                                • Instruction ID: 3d670311dd4fdd9929f87c160d18e1290cdb0aebe947fc8b6c040db7cddf4da1
                                                                • Opcode Fuzzy Hash: 4b43727202f22c3628825cbbe76569e3cf3423b0c4ff01c6841b51cfce712b6a
                                                                • Instruction Fuzzy Hash: 00E0CD3370824407CE0CFB74A95257DF7599BD1361F40197EF146472B3CF6485454752
                                                                APIs
                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00A70704,?,?,00000000,?,00A70704,00000000,0000000C), ref: 00A703B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 9d268919ccfe51941c5d87c0070fa9309df925cccfd0dc00a9018af19c2a3037
                                                                • Instruction ID: a684e3f17b62faaefc5ac8b813d82e4c689da8fa5479adf0442f53b11bc74a8b
                                                                • Opcode Fuzzy Hash: 9d268919ccfe51941c5d87c0070fa9309df925cccfd0dc00a9018af19c2a3037
                                                                • Instruction Fuzzy Hash: 6ED06C3204010DBBDF028F85DD06EDA3BAAFB48714F014100FE1856020C732E822AB90
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A31CBC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: InfoParametersSystem
                                                                • String ID:
                                                                • API String ID: 3098949447-0
                                                                • Opcode ID: 88d96584f53568c448fbaed27e6b7be55c06f01b9740567995cd84a276fcd926
                                                                • Instruction ID: 4f7a8e3b77412b0a0693c92ccbfaf70c8d308f5988cedb3273d22b4d397b5f10
                                                                • Opcode Fuzzy Hash: 88d96584f53568c448fbaed27e6b7be55c06f01b9740567995cd84a276fcd926
                                                                • Instruction Fuzzy Hash: 85C092362C0308AFF3188BC4BC4FF107764A368B10F048401F60DAA5E3CBA22822EA58
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00AC961A
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AC965B
                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00AC969F
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AC96C9
                                                                • SendMessageW.USER32 ref: 00AC96F2
                                                                • GetKeyState.USER32(00000011), ref: 00AC978B
                                                                • GetKeyState.USER32(00000009), ref: 00AC9798
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AC97AE
                                                                • GetKeyState.USER32(00000010), ref: 00AC97B8
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AC97E9
                                                                • SendMessageW.USER32 ref: 00AC9810
                                                                • SendMessageW.USER32(?,00001030,?,00AC7E95), ref: 00AC9918
                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00AC992E
                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00AC9941
                                                                • SetCapture.USER32(?), ref: 00AC994A
                                                                • ClientToScreen.USER32(?,?), ref: 00AC99AF
                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00AC99BC
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AC99D6
                                                                • ReleaseCapture.USER32 ref: 00AC99E1
                                                                • GetCursorPos.USER32(?), ref: 00AC9A19
                                                                • ScreenToClient.USER32(?,?), ref: 00AC9A26
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AC9A80
                                                                • SendMessageW.USER32 ref: 00AC9AAE
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AC9AEB
                                                                • SendMessageW.USER32 ref: 00AC9B1A
                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00AC9B3B
                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00AC9B4A
                                                                • GetCursorPos.USER32(?), ref: 00AC9B68
                                                                • ScreenToClient.USER32(?,?), ref: 00AC9B75
                                                                • GetParent.USER32(?), ref: 00AC9B93
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AC9BFA
                                                                • SendMessageW.USER32 ref: 00AC9C2B
                                                                • ClientToScreen.USER32(?,?), ref: 00AC9C84
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00AC9CB4
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AC9CDE
                                                                • SendMessageW.USER32 ref: 00AC9D01
                                                                • ClientToScreen.USER32(?,?), ref: 00AC9D4E
                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00AC9D82
                                                                  • Part of subcall function 00A49944: GetWindowLongW.USER32(?,000000EB), ref: 00A49952
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC9E05
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                • String ID: @GUI_DRAGID$F
                                                                • API String ID: 3429851547-4164748364
                                                                • Opcode ID: 96f45b8799e9683748e1237c47f4207685a60a4d22192fbf1a1d92dbe1d3ecf0
                                                                • Instruction ID: b71e325c5b4363cd6b983381d2ab6833dff7a99a9f6e609b9894247eabdd8fdc
                                                                • Opcode Fuzzy Hash: 96f45b8799e9683748e1237c47f4207685a60a4d22192fbf1a1d92dbe1d3ecf0
                                                                • Instruction Fuzzy Hash: B9427A35204201AFDB25CF68CD48FABBBE5FF48320F120A1DF699972A1D731A961CB51
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00AC48F3
                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00AC4908
                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00AC4927
                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00AC494B
                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00AC495C
                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00AC497B
                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00AC49AE
                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00AC49D4
                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00AC4A0F
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00AC4A56
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00AC4A7E
                                                                • IsMenu.USER32(?), ref: 00AC4A97
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AC4AF2
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AC4B20
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC4B94
                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00AC4BE3
                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00AC4C82
                                                                • wsprintfW.USER32 ref: 00AC4CAE
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AC4CC9
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00AC4CF1
                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00AC4D13
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AC4D33
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00AC4D5A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                • String ID: %d/%02d/%02d
                                                                • API String ID: 4054740463-328681919
                                                                • Opcode ID: 73d95f16cfdc756633fbded58cd834d1159728196abf32d6d1e64630c4d615db
                                                                • Instruction ID: c8fa5fa367e2e0a6557c9f2c9e00cb707ba018486541e47776d370b30995a30e
                                                                • Opcode Fuzzy Hash: 73d95f16cfdc756633fbded58cd834d1159728196abf32d6d1e64630c4d615db
                                                                • Instruction Fuzzy Hash: 6F121F31600214ABEB258F68CD59FAE7BF8EF48710F11412DF51AEB2E0DB789941CB54
                                                                APIs
                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A4F998
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A8F474
                                                                • IsIconic.USER32(00000000), ref: 00A8F47D
                                                                • ShowWindow.USER32(00000000,00000009), ref: 00A8F48A
                                                                • SetForegroundWindow.USER32(00000000), ref: 00A8F494
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A8F4AA
                                                                • GetCurrentThreadId.KERNEL32 ref: 00A8F4B1
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A8F4BD
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A8F4CE
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A8F4D6
                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A8F4DE
                                                                • SetForegroundWindow.USER32(00000000), ref: 00A8F4E1
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A8F4F6
                                                                • keybd_event.USER32(00000012,00000000), ref: 00A8F501
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A8F50B
                                                                • keybd_event.USER32(00000012,00000000), ref: 00A8F510
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A8F519
                                                                • keybd_event.USER32(00000012,00000000), ref: 00A8F51E
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A8F528
                                                                • keybd_event.USER32(00000012,00000000), ref: 00A8F52D
                                                                • SetForegroundWindow.USER32(00000000), ref: 00A8F530
                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A8F557
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 4125248594-2988720461
                                                                • Opcode ID: 9bb78a5ed89befa986c57be0628c5568763464e541ed3e7cc29184fa320006f9
                                                                • Instruction ID: 66623d11068d78d66e5baab2eeae31a85be8a7a9f0ff71c909728f5093b63700
                                                                • Opcode Fuzzy Hash: 9bb78a5ed89befa986c57be0628c5568763464e541ed3e7cc29184fa320006f9
                                                                • Instruction Fuzzy Hash: 52315471A8021CBFEB20ABF55C4AFBF7E6CEB44B60F110066F605E61D1C6B55D01AB60
                                                                APIs
                                                                  • Part of subcall function 00A916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A9170D
                                                                  • Part of subcall function 00A916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A9173A
                                                                  • Part of subcall function 00A916C3: GetLastError.KERNEL32 ref: 00A9174A
                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A91286
                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A912A8
                                                                • CloseHandle.KERNEL32(?), ref: 00A912B9
                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A912D1
                                                                • GetProcessWindowStation.USER32 ref: 00A912EA
                                                                • SetProcessWindowStation.USER32(00000000), ref: 00A912F4
                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A91310
                                                                  • Part of subcall function 00A910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A911FC), ref: 00A910D4
                                                                  • Part of subcall function 00A910BF: CloseHandle.KERNEL32(?,?,00A911FC), ref: 00A910E9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                • String ID: $default$winsta0
                                                                • API String ID: 22674027-1027155976
                                                                • Opcode ID: 9fd3986b88a072941e198c3c877de8f3fe7d6683932b84c37f7b46858e1f5d48
                                                                • Instruction ID: 65799634f90a482a9916f90867101e3e203a5a38e025872a923cb8d3c1cac22a
                                                                • Opcode Fuzzy Hash: 9fd3986b88a072941e198c3c877de8f3fe7d6683932b84c37f7b46858e1f5d48
                                                                • Instruction Fuzzy Hash: 32819FB1A0020AAFEF11DFA8DD49FEE7BF9EF48714F144129FA15A61A0D7318945CB20
                                                                APIs
                                                                  • Part of subcall function 00A910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A91114
                                                                  • Part of subcall function 00A910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A91120
                                                                  • Part of subcall function 00A910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A9112F
                                                                  • Part of subcall function 00A910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A91136
                                                                  • Part of subcall function 00A910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A9114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A90BCC
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A90C00
                                                                • GetLengthSid.ADVAPI32(?), ref: 00A90C17
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00A90C51
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A90C6D
                                                                • GetLengthSid.ADVAPI32(?), ref: 00A90C84
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A90C8C
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A90C93
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A90CB4
                                                                • CopySid.ADVAPI32(00000000), ref: 00A90CBB
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A90CEA
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A90D0C
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A90D1E
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A90D45
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90D4C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A90D55
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90D5C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A90D65
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90D6C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00A90D78
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90D7F
                                                                  • Part of subcall function 00A91193: GetProcessHeap.KERNEL32(00000008,00A90BB1,?,00000000,?,00A90BB1,?), ref: 00A911A1
                                                                  • Part of subcall function 00A91193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A90BB1,?), ref: 00A911A8
                                                                  • Part of subcall function 00A91193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A90BB1,?), ref: 00A911B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                APIs
                                                                • OpenClipboard.USER32(00ACCC08), ref: 00AAEB29
                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00AAEB37
                                                                • GetClipboardData.USER32(0000000D), ref: 00AAEB43
                                                                • CloseClipboard.USER32 ref: 00AAEB4F
                                                                • GlobalLock.KERNEL32(00000000), ref: 00AAEB87
                                                                • CloseClipboard.USER32 ref: 00AAEB91
                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00AAEBBC
                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00AAEBC9
                                                                • GetClipboardData.USER32(00000001), ref: 00AAEBD1
                                                                • GlobalLock.KERNEL32(00000000), ref: 00AAEBE2
                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 00AAEC22
                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 00AAEC38
                                                                • GetClipboardData.USER32(0000000F), ref: 00AAEC44
                                                                • GlobalLock.KERNEL32(00000000), ref: 00AAEC55
                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00AAEC77
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AAEC94
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AAECD2
                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00AAECF3
                                                                • CountClipboardFormats.USER32 ref: 00AAED14
                                                                • CloseClipboard.USER32 ref: 00AAED59
                                                                Similarity
                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                • String ID:
                                                                • API String ID: 420908878-0
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AA69BE
                                                                • FindClose.KERNEL32(00000000), ref: 00AA6A12
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AA6A4E
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AA6A75
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AA6AB2
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AA6ADF
                                                                Similarity
                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                • API String ID: 3830820486-3289030164
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 00AA9663
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00AA96A1
                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00AA96BB
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00AA96D3
                                                                • FindClose.KERNEL32(00000000), ref: 00AA96DE
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00AA96FA
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA974A
                                                                • SetCurrentDirectoryW.KERNEL32(00AF6B7C), ref: 00AA9768
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AA9772
                                                                • FindClose.KERNEL32(00000000), ref: 00AA977F
                                                                • FindClose.KERNEL32(00000000), ref: 00AA978F
                                                                Similarity
                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                • String ID: *.*
                                                                • API String ID: 1409584000-438819550
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 00AA97BE
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00AA9819
                                                                • FindClose.KERNEL32(00000000), ref: 00AA9824
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00AA9840
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA9890
                                                                • SetCurrentDirectoryW.KERNEL32(00AF6B7C), ref: 00AA98AE
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AA98B8
                                                                • FindClose.KERNEL32(00000000), ref: 00AA98C5
                                                                • FindClose.KERNEL32(00000000), ref: 00AA98D5
                                                                  • Part of subcall function 00A9DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A9DB00
                                                                Similarity
                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                • String ID: *.*
                                                                • API String ID: 2640511053-438819550
                                                                APIs
                                                                  • Part of subcall function 00ABC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ABB6AE,?,?), ref: 00ABC9B5
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABC9F1
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA68
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ABBF3E
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00ABBFA9
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ABBFCD
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00ABC02C
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00ABC0E7
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00ABC154
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00ABC1E9
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00ABC23A
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00ABC2E3
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00ABC382
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ABC38F
                                                                Similarity
                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                • String ID:
                                                                • API String ID: 3102970594-0
                                                                APIs
                                                                • GetLocalTime.KERNEL32(?), ref: 00AA8257
                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AA8267
                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AA8273
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AA8310
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA8324
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA8356
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AA838C
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA8395
                                                                Similarity
                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                • String ID: *.*
                                                                • API String ID: 1464919966-438819550
                                                                APIs
                                                                  • Part of subcall function 00A33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A33A97,?,?,00A32E7F,?,?,?,00000000), ref: 00A33AC2
                                                                  • Part of subcall function 00A9E199: GetFileAttributesW.KERNEL32(?,00A9CF95), ref: 00A9E19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00A9D122
                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A9D1DD
                                                                • MoveFileW.KERNEL32(?,?), ref: 00A9D1F0
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A9D20D
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A9D237
                                                                  • Part of subcall function 00A9D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A9D21C,?,?), ref: 00A9D2B2
                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00A9D253
                                                                • FindClose.KERNEL32(00000000), ref: 00A9D264
                                                                Similarity
                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 1946585618-1173974218
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                • String ID:
                                                                • API String ID: 1737998785-0
                                                                • Opcode ID: 1a3bc8ea7b3cdb7a325415aecda788a0fef0fb574c0fcf504319a695f66ea1a4
                                                                • Instruction ID: f8bafdcb1c7fae3f5dc2ca6ef347792db553c817f2ed1d96cd4c9ae2ff4b2761
                                                                • Opcode Fuzzy Hash: 1a3bc8ea7b3cdb7a325415aecda788a0fef0fb574c0fcf504319a695f66ea1a4
                                                                • Instruction Fuzzy Hash: A941BC35204611AFE720DF59D888F19BBE5FF45329F15C09DE42A8B6A2C735EC42CB90
                                                                APIs
                                                                  • Part of subcall function 00A916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A9170D
                                                                  • Part of subcall function 00A916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A9173A
                                                                  • Part of subcall function 00A916C3: GetLastError.KERNEL32 ref: 00A9174A
                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00A9E932
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                • API String ID: 2234035333-3163812486
                                                                • Opcode ID: d5e25ce8d56e4df68316b2eaf847d0e94c55a602c5866a3ab72397a02e3aed84
                                                                • Instruction ID: 56e0f759199a685066d72737bb3abe1547f1140bbbdfa3384959ad87d52f7755
                                                                • Opcode Fuzzy Hash: d5e25ce8d56e4df68316b2eaf847d0e94c55a602c5866a3ab72397a02e3aed84
                                                                • Instruction Fuzzy Hash: 8001F972B10215AFEF54E7B49D86FBFB2ECA714B60F150821FD13E21D3D9A15C418190
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000001,00000006), ref: 00AB1276
                                                                • WSAGetLastError.WSOCK32 ref: 00AB1283
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00AB12BA
                                                                • WSAGetLastError.WSOCK32 ref: 00AB12C5
                                                                • closesocket.WSOCK32(00000000), ref: 00AB12F4
                                                                • listen.WSOCK32(00000000,00000005), ref: 00AB1303
                                                                • WSAGetLastError.WSOCK32 ref: 00AB130D
                                                                • closesocket.WSOCK32(00000000), ref: 00AB133C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                • String ID:
                                                                • API String ID: 540024437-0
                                                                • Opcode ID: 319629f2a64befe7abb006340e2ef73a12c9b75683afeefcfced23194de908eb
                                                                • Instruction ID: 8a0eecdd56165925c3dcee699a5a6dd2fd751bc1187593d53687967552f86631
                                                                • Opcode Fuzzy Hash: 319629f2a64befe7abb006340e2ef73a12c9b75683afeefcfced23194de908eb
                                                                • Instruction Fuzzy Hash: BB4184716001009FD710DF64C594BAABBE9BF46328F598198E8569F293C771ED82CBE1
                                                                APIs
                                                                • _free.LIBCMT ref: 00A6B9D4
                                                                • _free.LIBCMT ref: 00A6B9F8
                                                                • _free.LIBCMT ref: 00A6BB7F
                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AD3700), ref: 00A6BB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B0121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A6BC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B01270,000000FF,?,0000003F,00000000,?), ref: 00A6BC36
                                                                • _free.LIBCMT ref: 00A6BD4B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                • String ID:
                                                                • API String ID: 314583886-0
                                                                • Opcode ID: 0819203b434fe48f3078e7922ff7fa0d89e624a1442357ad742ccd0dd92f66fd
                                                                • Instruction ID: 33068b86078693b9962b47fc7dec6df5289000e96102fbf33ec150d196c06fa4
                                                                • Opcode Fuzzy Hash: 0819203b434fe48f3078e7922ff7fa0d89e624a1442357ad742ccd0dd92f66fd
                                                                • Instruction Fuzzy Hash: 78C16C72A14204AFCB24DF78CD41BAE7BB9EF55350F14419AE594DB292EB308E81CB70
                                                                APIs
                                                                  • Part of subcall function 00A33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A33A97,?,?,00A32E7F,?,?,?,00000000), ref: 00A33AC2
                                                                  • Part of subcall function 00A9E199: GetFileAttributesW.KERNEL32(?,00A9CF95), ref: 00A9E19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00A9D420
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A9D470
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A9D481
                                                                • FindClose.KERNEL32(00000000), ref: 00A9D498
                                                                • FindClose.KERNEL32(00000000), ref: 00A9D4A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 2649000838-1173974218
                                                                • Opcode ID: 155342cc440e259bdb8a9c60b8d40bd488ed66e008f6086ea7c8741e7b6d4bcf
                                                                • Instruction ID: faa09e90ae9e6a0b52f90948321e9f171675eea9b6823f942abecbf061142ca5
                                                                • Opcode Fuzzy Hash: 155342cc440e259bdb8a9c60b8d40bd488ed66e008f6086ea7c8741e7b6d4bcf
                                                                • Instruction Fuzzy Hash: 87316C7100C345ABC704EFA4DA919AFB7E8BEE1314F444A1DF4D5931A1EB30AA49CB63
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: __floor_pentium4
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 4168288129-2761157908
                                                                • Opcode ID: 554d004ff2d087de38442b006dd579c06765811b41e98ddfa260d1b71c6097a8
                                                                • Instruction ID: 194b9f25ca0c04dd5dbc5855fd2668b7cdfd74ffdf5127293103f951e21980b6
                                                                • Opcode Fuzzy Hash: 554d004ff2d087de38442b006dd579c06765811b41e98ddfa260d1b71c6097a8
                                                                • Instruction Fuzzy Hash: 5FC24876E086288FDB25CF28DD407EAB7B5EB48305F1541EAD84EE7240E775AE858F40
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00AA64DC
                                                                • CoInitialize.OLE32(00000000), ref: 00AA6639
                                                                • CoCreateInstance.OLE32(00ACFCF8,00000000,00000001,00ACFB68,?), ref: 00AA6650
                                                                • CoUninitialize.OLE32 ref: 00AA68D4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 886957087-24824748
                                                                • Opcode ID: 5f3f83910e4bef316b101afab37c7b6bdca93fbfb88726d22691793d48a18485
                                                                • Instruction ID: 202fdedd414755520795814b866210de8155d5ddcd1c4bbcbcc032f513a6db4c
                                                                • Opcode Fuzzy Hash: 5f3f83910e4bef316b101afab37c7b6bdca93fbfb88726d22691793d48a18485
                                                                • Instruction Fuzzy Hash: 2BD13671508301AFC314EF24C981E6BB7E9FF99704F14496DF5958B2A1EB70E909CB92
                                                                APIs
                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 00AB22E8
                                                                  • Part of subcall function 00AAE4EC: GetWindowRect.USER32(?,?), ref: 00AAE504
                                                                • GetDesktopWindow.USER32 ref: 00AB2312
                                                                • GetWindowRect.USER32(00000000), ref: 00AB2319
                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00AB2355
                                                                • GetCursorPos.USER32(?), ref: 00AB2381
                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00AB23DF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                • String ID:
                                                                • API String ID: 2387181109-0
                                                                • Opcode ID: 177f8cb265841e51c24f2d2236c68d2753d8c8e2dbc87dae05a6393c7c91e3f5
                                                                • Instruction ID: 8e3b3f8dd12f77e89cc0a237ac5e144813e07c413e49030f39c8e9ad95cdd87a
                                                                • Opcode Fuzzy Hash: 177f8cb265841e51c24f2d2236c68d2753d8c8e2dbc87dae05a6393c7c91e3f5
                                                                • Instruction Fuzzy Hash: 7A31C1725043159BCB20DF54C849F9BB7EDFF84710F00091AF5899B192DB35E909CB92
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00AA9B78
                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00AA9C8B
                                                                  • Part of subcall function 00AA3874: GetInputState.USER32 ref: 00AA38CB
                                                                  • Part of subcall function 00AA3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AA3966
                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00AA9BA8
                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00AA9C75
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                • String ID: *.*
                                                                • API String ID: 1972594611-438819550
                                                                • Opcode ID: 48edeb6992b70b0005a372e4ea01b04fce6d99fcf3bb60486507d7f78aee81a6
                                                                • Instruction ID: d217a2ba196685515d64412f71d3950bd4f0c40d858d25616a48ada79adba788
                                                                • Opcode Fuzzy Hash: 48edeb6992b70b0005a372e4ea01b04fce6d99fcf3bb60486507d7f78aee81a6
                                                                • Instruction Fuzzy Hash: A6415C7194460AAFCF14DFA4C989AEEBBB8EF06320F248155F805A7191EB309E45CF61
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00A49A4E
                                                                • GetSysColor.USER32(0000000F), ref: 00A49B23
                                                                • SetBkColor.GDI32(?,00000000), ref: 00A49B36
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$LongProcWindow
                                                                • String ID:
                                                                • API String ID: 3131106179-0
                                                                • Opcode ID: 6cbafa47f5c2ad6c019249330b07a1eac15179523a084952fc970c62a3ffe1b7
                                                                • Instruction ID: 9b72655d1ad0d5e7a3205a2a7d08ab8d979add253cd9e121048774ce32ea07ab
                                                                • Opcode Fuzzy Hash: 6cbafa47f5c2ad6c019249330b07a1eac15179523a084952fc970c62a3ffe1b7
                                                                • Instruction Fuzzy Hash: 36A10B74108554BEE729FB3C8D48E7F2AADEBC2390B254229F502D6691CA25DD23D371
                                                                APIs
                                                                  • Part of subcall function 00AB304E: inet_addr.WSOCK32(?), ref: 00AB307A
                                                                  • Part of subcall function 00AB304E: _wcslen.LIBCMT ref: 00AB309B
                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00AB185D
                                                                • WSAGetLastError.WSOCK32 ref: 00AB1884
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00AB18DB
                                                                • WSAGetLastError.WSOCK32 ref: 00AB18E6
                                                                • closesocket.WSOCK32(00000000), ref: 00AB1915
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 1601658205-0
                                                                • Opcode ID: 936f805f6f36d6343522b70ba66ea6f82f45e514b7f188e9a457735b0d400e56
                                                                • Instruction ID: 5d6dea45bae79f067282ad42cba163de759402a6f5aed7e5a1a384a2c2c4cb07
                                                                • Opcode Fuzzy Hash: 936f805f6f36d6343522b70ba66ea6f82f45e514b7f188e9a457735b0d400e56
                                                                • Instruction Fuzzy Hash: 1651D675A00200AFDB10EF64C996F6A77E5AB44718F44845CFA0AAF3D3D771AD41CBA1
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                • String ID:
                                                                • API String ID: 292994002-0
                                                                • Opcode ID: 34596aab77b59ebeb7579217e3c531260f840e1240b5cf48b117e9986a8f9594
                                                                • Instruction ID: 3bbfb717a0c8e6ec8582d5efaa63b705c617cfae937c42cb3dd2a3afb77a96ca
                                                                • Opcode Fuzzy Hash: 34596aab77b59ebeb7579217e3c531260f840e1240b5cf48b117e9986a8f9594
                                                                • Instruction Fuzzy Hash: B621A3317442105FD7208F1AC884F6A7BE5EF96325F1A805CF84A8B352DB71DC42CB90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                • API String ID: 0-1546025612
                                                                • Opcode ID: cdee8f5df5715b25e21315f171140131a56d44b07adfbe5fac22c9aa81a40aae
                                                                • Instruction ID: 08c6a7f0195c2e3f2338ded926001802a0889a38cb091288beccd8fcdafcc2e7
                                                                • Opcode Fuzzy Hash: cdee8f5df5715b25e21315f171140131a56d44b07adfbe5fac22c9aa81a40aae
                                                                • Instruction Fuzzy Hash: B8A24F71E0061ACBDF24CF58C9417AEB7B1BF54314F24C5AAF819AB285EB749D81CB90
                                                                APIs
                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A9AAAC
                                                                • SetKeyboardState.USER32(00000080), ref: 00A9AAC8
                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A9AB36
                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A9AB88
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                • Opcode ID: 7e14160868300a04171128ec53b06a11061b63c657e9fcf3624a15c0bd250f6b
                                                                • Instruction ID: c4b4caa7b97f08750c2f8630e69faabec0ba4302c65d76ac35a6b082be376e39
                                                                • Opcode Fuzzy Hash: 7e14160868300a04171128ec53b06a11061b63c657e9fcf3624a15c0bd250f6b
                                                                • Instruction Fuzzy Hash: 11310330B40218AFEF35CB698C05BFA7BE6EB64320F04421BE585961D0D7749D81C7E2
                                                                APIs
                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 00AACE89
                                                                • GetLastError.KERNEL32(?,00000000), ref: 00AACEEA
                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 00AACEFE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorEventFileInternetLastRead
                                                                • String ID:
                                                                • API String ID: 234945975-0
                                                                • Opcode ID: 927c6fa88b1a2875acd5d2c4fb75fe9dbeef3e9a6715f2ec6e2945be09434190
                                                                • Instruction ID: adfddcb03e2067ba466b16e561e27ba52917168bb1eaa862dd05552830fadc7e
                                                                • Opcode Fuzzy Hash: 927c6fa88b1a2875acd5d2c4fb75fe9dbeef3e9a6715f2ec6e2945be09434190
                                                                • Instruction Fuzzy Hash: CE219D71500305AFEB30DFA5C948BAAB7F8EB41364F10442EE64693191E770EE09CB90
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00A982AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: ($|
                                                                • API String ID: 1659193697-1631851259
                                                                • Opcode ID: c33438af2b67abcf8c49cec06d5b1df21f8582e6fa1b7d2e4bc30f3391497a3b
                                                                • Instruction ID: dcefdf9e225108fd468a48c6017483058a5a863b3eb4cdf72a3767465ca432ff
                                                                • Opcode Fuzzy Hash: c33438af2b67abcf8c49cec06d5b1df21f8582e6fa1b7d2e4bc30f3391497a3b
                                                                • Instruction Fuzzy Hash: 88323575A006059FCB28CF59C481AAAB7F0FF48710B15C56EE59ADB3A1EB74E941CB40
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AA5CC1
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00AA5D17
                                                                • FindClose.KERNEL32(?), ref: 00AA5D5F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                • Opcode ID: 71b8e8cb98d419ab729816a57c0c6e1536c67a5ed087f420b38bdaec823652f4
                                                                • Instruction ID: 71a81fd7d32765d1aa1c4a084ebc5ed8e5518a3efadbd4093fc441f1636453a8
                                                                • Opcode Fuzzy Hash: 71b8e8cb98d419ab729816a57c0c6e1536c67a5ed087f420b38bdaec823652f4
                                                                • Instruction Fuzzy Hash: F0517875A04A019FC714DF28C494E9AB7E4FF4A324F14855EE99A8B3A1DB30ED05CF91
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 00A6271A
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A62724
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00A62731
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID:
                                                                • API String ID: 3906539128-0
                                                                • Opcode ID: e81ab4cea4b7f65b521fed6b66dcaad5ba34c1d5bea30740b0af7423a32b2b60
                                                                • Instruction ID: 2e43d4434f2d8c5202955bb6afc4965c4a805e8e047ec75fd5dc224694f3065b
                                                                • Opcode Fuzzy Hash: e81ab4cea4b7f65b521fed6b66dcaad5ba34c1d5bea30740b0af7423a32b2b60
                                                                • Instruction Fuzzy Hash: 9231B47491121CABCB21DF64DD89BD9B7B8BF08310F5041EAE81CA7261E7309F858F45
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AA51DA
                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00AA5238
                                                                • SetErrorMode.KERNEL32(00000000), ref: 00AA52A1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                • String ID:
                                                                • API String ID: 1682464887-0
                                                                • Opcode ID: 30382d53ce766d8650566fec836d87487fcf7b5432436404042cfce1287b466b
                                                                • Instruction ID: 057f7d47fe290de0148184765e1f56013695ca1e975573fcbff6ba812da4d7e0
                                                                • Opcode Fuzzy Hash: 30382d53ce766d8650566fec836d87487fcf7b5432436404042cfce1287b466b
                                                                • Instruction Fuzzy Hash: 1F312F75A00518DFDB00DF95D884FADBBB4FF49314F098099E805AB392DB31E856CB91
                                                                APIs
                                                                  • Part of subcall function 00A4FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A50668
                                                                  • Part of subcall function 00A4FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A50685
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A9170D
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A9173A
                                                                • GetLastError.KERNEL32 ref: 00A9174A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                • String ID:
                                                                • API String ID: 577356006-0
                                                                • Opcode ID: 726c78f718c04ff620913bd18c2789cb37c20f0bc3f9d62c518497c9bcbbb4a0
                                                                • Instruction ID: 1d8086bd7c08e8f6429902a94d185759628422eb9143a79c0a3368aba2e475b2
                                                                • Opcode Fuzzy Hash: 726c78f718c04ff620913bd18c2789cb37c20f0bc3f9d62c518497c9bcbbb4a0
                                                                • Instruction Fuzzy Hash: 7F1191B2904305AFE718DF94EC86D6AB7F9EF44724B24852EE05657641EB70BC428A60
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A9D608
                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00A9D645
                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A9D650
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                • String ID:
                                                                • API String ID: 33631002-0
                                                                • Opcode ID: 725ee4b91ecd1e5ed94791eb8b750e2fd2e9441c45ee15a020708ba29d52e92e
                                                                • Instruction ID: 98e8bde1f4d6ad7f3e45dcc2cec3d520dd5481f0ebf60780f55a178158081a00
                                                                • Opcode Fuzzy Hash: 725ee4b91ecd1e5ed94791eb8b750e2fd2e9441c45ee15a020708ba29d52e92e
                                                                • Instruction Fuzzy Hash: 30115E75E05228BFDB10CF95EC45FAFBBBCEB45B60F108115F908E7290D6704A058BA1
                                                                APIs
                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00A9168C
                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00A916A1
                                                                • FreeSid.ADVAPI32(?), ref: 00A916B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                • Opcode ID: 1434128abb2ea4f3271bdcfb2f51819dc2673cd3974a8fa53c36aa77cacc41dd
                                                                • Instruction ID: c0675aad3812389ab4d9825839a6b47a34878da28058ccbebf49a015be4a5cca
                                                                • Opcode Fuzzy Hash: 1434128abb2ea4f3271bdcfb2f51819dc2673cd3974a8fa53c36aa77cacc41dd
                                                                • Instruction Fuzzy Hash: 86F0F475950309FBDF00DFE49C89EAEBBBCFB08614F504565E901E2181E774AA458A54
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: /
                                                                • API String ID: 0-2043925204
                                                                • Opcode ID: 9e48a9bc1f7371b143dee509e4cf86f99bb93d5a000b44b591018977a13ca6e2
                                                                • Instruction ID: 634a92f6371c8269ffcd4d732ccf8c803701fe7b82b075559753062eb3d7adde
                                                                • Opcode Fuzzy Hash: 9e48a9bc1f7371b143dee509e4cf86f99bb93d5a000b44b591018977a13ca6e2
                                                                • Instruction Fuzzy Hash: BC413B725002196FCB20EFB9DC4DEBBB778EB84724F504269F955DB280E6709D41CB50
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00A8D28C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID: X64
                                                                • API String ID: 2645101109-893830106
                                                                • Opcode ID: dac364476b31265fa1d78cdedda41a604673af5b905795a232a00391704c4c8d
                                                                • Instruction ID: 0b3e4944792afa8e83b9f21020972181c4fc9359fe69f2e69641784d7bd0987d
                                                                • Opcode Fuzzy Hash: dac364476b31265fa1d78cdedda41a604673af5b905795a232a00391704c4c8d
                                                                • Instruction Fuzzy Hash: 2ED0CAB880112DEACB90DBA0EC88DDAB3BCBB04316F100292F10AA2040EB3096498F20
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                • Instruction ID: d8514f4940e39aae2bd67fa551105417ec72a065db3f67d63d9303cd380cecaa
                                                                • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                • Instruction Fuzzy Hash: 09021B72E002199FDF14CFA9C9806ADBBF1FF48325F25816AD819E7385D731AA45CB80
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AA6918
                                                                • FindClose.KERNEL32(00000000), ref: 00AA6961
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: 907b1c7e24a720f57d25189ed6b6bf6776b1e5d555c588b0a9b4569e77c8159f
                                                                • Instruction ID: 6f2f901a7e07b1ced3160dd9a6416c0c044be420c2d3779b4436058b905bad5a
                                                                • Opcode Fuzzy Hash: 907b1c7e24a720f57d25189ed6b6bf6776b1e5d555c588b0a9b4569e77c8159f
                                                                • Instruction Fuzzy Hash: FB1190756042009FC710DF69D888A16BBE5FF89328F19C699F4698F6A2CB30EC05CF91
                                                                APIs
                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00AB4891,?,?,00000035,?), ref: 00AA37E4
                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00AB4891,?,?,00000035,?), ref: 00AA37F4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID:
                                                                • API String ID: 3479602957-0
                                                                • Opcode ID: 550f4ec1b39eba1cea3ea2d393b28fc8523ea2b78f97bf931c0d477cc1b710ab
                                                                • Instruction ID: 94334d12b35970f3cb105309e4c6c59bd4ee11f3bc0db4d97e619b660df2123b
                                                                • Opcode Fuzzy Hash: 550f4ec1b39eba1cea3ea2d393b28fc8523ea2b78f97bf931c0d477cc1b710ab
                                                                • Instruction Fuzzy Hash: 37F0EC716043142ADB1097A65D4DFDB76ADDFC5771F000175F509D32C1D6605905C6B0
                                                                APIs
                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A9B25D
                                                                • keybd_event.USER32(?,76C1C0D0,?,00000000), ref: 00A9B270
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: InputSendkeybd_event
                                                                • String ID:
                                                                • API String ID: 3536248340-0
                                                                • Opcode ID: b39692a988a7b9951131652cc8063f77881bf5eee71a543ebddda9f7f4197018
                                                                • Instruction ID: f019fd3b0b52c763a55cce0ecf89a1f9f33eda4834c939da1b239eee365c69e0
                                                                • Opcode Fuzzy Hash: b39692a988a7b9951131652cc8063f77881bf5eee71a543ebddda9f7f4197018
                                                                • Instruction Fuzzy Hash: 5DF01D7191424DABDF05DFA0D805BEE7BB4FF04315F00801AF955A5191C37996129FA4
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A911FC), ref: 00A910D4
                                                                • CloseHandle.KERNEL32(?,?,00A911FC), ref: 00A910E9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                • String ID:
                                                                • API String ID: 81990902-0
                                                                • Opcode ID: d29a733472a5444739adb29a3a5e1f11e33a2da49989d201c773bd7d34f9f228
                                                                • Instruction ID: bd6feee270eab70e8e19e83213900f527bd779849294981424047657d2fbe76f
                                                                • Opcode Fuzzy Hash: d29a733472a5444739adb29a3a5e1f11e33a2da49989d201c773bd7d34f9f228
                                                                • Instruction Fuzzy Hash: 57E04F36004600EEEB252B51FD05E7377E9EB04320B14882DF4A6804B1DB626C91DB10
                                                                Strings
                                                                • Variable is not of type 'Object'., xrefs: 00A80C40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Variable is not of type 'Object'.
                                                                • API String ID: 0-1840281001
                                                                • Opcode ID: ba93c00e46d76b530efb8b924d2fe4bea4bb77c0b36d299bbdb76faaa78edf6f
                                                                • Instruction ID: cc70070ae323b282e0d0f5cc3ca497e9685627bdf2caf621a691711e374759b1
                                                                • Opcode Fuzzy Hash: ba93c00e46d76b530efb8b924d2fe4bea4bb77c0b36d299bbdb76faaa78edf6f
                                                                • Instruction Fuzzy Hash: F6327774900218DBCF14EF94C985EEEB7B5BF05354F248069F806BB292DB75AE49CB60
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A66766,?,?,00000008,?,?,00A6FEFE,00000000), ref: 00A66998
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                • Opcode ID: 7c282ddc38825bcb0eeceb27b639fd3addcf022dabbf88874d25da39e9d4acc7
                                                                • Instruction ID: a5d4a6b601ecd10e3b15dfdb96b740f659cf3f60169622ba314d2e035d4eb920
                                                                • Opcode Fuzzy Hash: 7c282ddc38825bcb0eeceb27b639fd3addcf022dabbf88874d25da39e9d4acc7
                                                                • Instruction Fuzzy Hash: 19B12A72610609DFD719CF28C48AB657BF0FF45364F298658E8A9CF2A2C735E991CB40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 75e6e1da6f53ed0a300143753495fffa2307dce7372b615e13bb23e6bc7cff9e
                                                                • Instruction ID: e1109956878c14fb7ae8e27806c5b9ea27633abb2e906e984a5ace215d0c94fa
                                                                • Opcode Fuzzy Hash: 75e6e1da6f53ed0a300143753495fffa2307dce7372b615e13bb23e6bc7cff9e
                                                                • Instruction Fuzzy Hash: AD126F75910229DFCB24DF58C8806EEB7B5FF48710F54819AE849EB255EB349E81CFA0
                                                                APIs
                                                                • BlockInput.USER32(00000001), ref: 00AAEABD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: BlockInput
                                                                • String ID:
                                                                • API String ID: 3456056419-0
                                                                • Opcode ID: 0468e5d4b996c7980ab905b8cdb39ada0a5c67a027658d4c7db126d0de2dac6a
                                                                • Instruction ID: 15504e78a9ee8b245ab423c4f12e9fb3b026ed211852b31d4f91052060337ffe
                                                                • Opcode Fuzzy Hash: 0468e5d4b996c7980ab905b8cdb39ada0a5c67a027658d4c7db126d0de2dac6a
                                                                • Instruction Fuzzy Hash: 6DE04F362102049FC710EF59D904E9AF7E9AF997B0F00841AFD4ADB391DB70EC418BA0
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00A503EE), ref: 00A509DA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                • Opcode ID: 8430117ea047e51f111c3088f7f5317ccdffc52ecf8471f898601b6c55fa0dce
                                                                • Instruction ID: 718fd98d59832d37f1438500e7b86c8a392d48f8ac15475ccdd35612a7534c88
                                                                • Opcode Fuzzy Hash: 8430117ea047e51f111c3088f7f5317ccdffc52ecf8471f898601b6c55fa0dce
                                                                • Instruction Fuzzy Hash:
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction ID: a6cc86ce13f633caa049d0576a126caf17e6dedc903956502eb63bb17d5289f4
                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction Fuzzy Hash: 39516A7160C7059BDB388768A95DBBE63D9BB12343F180509DC86F7282C635DE8DD362
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00AB2B30
                                                                • DeleteObject.GDI32(00000000), ref: 00AB2B43
                                                                • DestroyWindow.USER32 ref: 00AB2B52
                                                                • GetDesktopWindow.USER32 ref: 00AB2B6D
                                                                • GetWindowRect.USER32(00000000), ref: 00AB2B74
                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00AB2CA3
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00AB2CB1
                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2CF8
                                                                • GetClientRect.USER32(00000000,?), ref: 00AB2D04
                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AB2D40
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2D62
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2D75
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2D80
                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2D89
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2D98
                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2DA1
                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2DA8
                                                                • GlobalFree.KERNEL32(00000000), ref: 00AB2DB3
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2DC5
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00ACFC38,00000000), ref: 00AB2DDB
                                                                • GlobalFree.KERNEL32(00000000), ref: 00AB2DEB
                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00AB2E11
                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00AB2E30
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB2E52
                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AB303F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                • API String ID: 2211948467-2373415609
                                                                • Opcode ID: c1b1fc753f19df7b3479080e63d1d25904e8daf996eb1f1b389a6d401b98add1
                                                                • Instruction ID: f315398225e6e6985cbb1881f74fcbf7d323084b8f4090a44ceeb1150ae04054
                                                                • Opcode Fuzzy Hash: c1b1fc753f19df7b3479080e63d1d25904e8daf996eb1f1b389a6d401b98add1
                                                                • Instruction Fuzzy Hash: 10026D71900205EFDB14DFA4CD89EAE7BB9FF49320F048559F919AB2A1DB74AD01CB60
                                                                APIs
                                                                • SetTextColor.GDI32(?,00000000), ref: 00AC712F
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00AC7160
                                                                • GetSysColor.USER32(0000000F), ref: 00AC716C
                                                                • SetBkColor.GDI32(?,000000FF), ref: 00AC7186
                                                                • SelectObject.GDI32(?,?), ref: 00AC7195
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00AC71C0
                                                                • GetSysColor.USER32(00000010), ref: 00AC71C8
                                                                • CreateSolidBrush.GDI32(00000000), ref: 00AC71CF
                                                                • FrameRect.USER32(?,?,00000000), ref: 00AC71DE
                                                                • DeleteObject.GDI32(00000000), ref: 00AC71E5
                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00AC7230
                                                                • FillRect.USER32(?,?,?), ref: 00AC7262
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC7284
                                                                  • Part of subcall function 00AC73E8: GetSysColor.USER32(00000012), ref: 00AC7421
                                                                  • Part of subcall function 00AC73E8: SetTextColor.GDI32(?,?), ref: 00AC7425
                                                                  • Part of subcall function 00AC73E8: GetSysColorBrush.USER32(0000000F), ref: 00AC743B
                                                                  • Part of subcall function 00AC73E8: GetSysColor.USER32(0000000F), ref: 00AC7446
                                                                  • Part of subcall function 00AC73E8: GetSysColor.USER32(00000011), ref: 00AC7463
                                                                  • Part of subcall function 00AC73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AC7471
                                                                  • Part of subcall function 00AC73E8: SelectObject.GDI32(?,00000000), ref: 00AC7482
                                                                  • Part of subcall function 00AC73E8: SetBkColor.GDI32(?,00000000), ref: 00AC748B
                                                                  • Part of subcall function 00AC73E8: SelectObject.GDI32(?,?), ref: 00AC7498
                                                                  • Part of subcall function 00AC73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00AC74B7
                                                                  • Part of subcall function 00AC73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AC74CE
                                                                  • Part of subcall function 00AC73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00AC74DB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                • String ID:
                                                                • API String ID: 4124339563-0
                                                                • Opcode ID: b19243aa73a92a70d9682586b9b382e2b97ac10954f0f5d7006aaa3d2d0840fa
                                                                • Instruction ID: 4bc5c6aaaf9fb4157d2e080a06772ee0c1a414c8b595df1a4f6ee933f65687a8
                                                                • Opcode Fuzzy Hash: b19243aa73a92a70d9682586b9b382e2b97ac10954f0f5d7006aaa3d2d0840fa
                                                                • Instruction Fuzzy Hash: 65A18B72008305AFDB00DFA4DC48E6EBBA9FB88330F150B19F966961A1D730E9468F51
                                                                APIs
                                                                • DestroyWindow.USER32(?,?), ref: 00A48E14
                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00A86AC5
                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A86AFE
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A86F43
                                                                  • Part of subcall function 00A48F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A48BE8,?,00000000,?,?,?,?,00A48BBA,00000000,?), ref: 00A48FC5
                                                                • SendMessageW.USER32(?,00001053), ref: 00A86F7F
                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A86F96
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A86FAC
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A86FB7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                • String ID: 0
                                                                • API String ID: 2760611726-4108050209
                                                                • Opcode ID: b5058f8942a855a179460f29a1c0642b7706f08fea550b1c95377caff2d7b9a8
                                                                • Instruction ID: 90c9f50b8211db677557eec8ebff6c03e83ef4e19710ae47008a2b2f7edd6e05
                                                                • Opcode Fuzzy Hash: b5058f8942a855a179460f29a1c0642b7706f08fea550b1c95377caff2d7b9a8
                                                                • Instruction Fuzzy Hash: B712BE34600201DFEB25EF18D949BAABBF1FB84310F148469F5898B261CB35EC52DF91
                                                                APIs
                                                                • DestroyWindow.USER32(00000000), ref: 00AB273E
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00AB286A
                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00AB28A9
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00AB28B9
                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00AB2900
                                                                • GetClientRect.USER32(00000000,?), ref: 00AB290C
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00AB2955
                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00AB2964
                                                                • GetStockObject.GDI32(00000011), ref: 00AB2974
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00AB2978
                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00AB2988
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AB2991
                                                                • DeleteDC.GDI32(00000000), ref: 00AB299A
                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AB29C6
                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00AB29DD
                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00AB2A1D
                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00AB2A31
                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00AB2A42
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00AB2A77
                                                                • GetStockObject.GDI32(00000011), ref: 00AB2A82
                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00AB2A8D
                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00AB2A97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                • API String ID: 2910397461-517079104
                                                                • Opcode ID: 7272917da0cbd220a1c27562da50b36f965a86a74c7c21c9e4a8b69e78e469eb
                                                                • Instruction ID: db588b2f883254a45a7f6c44b4754e41e47a8c2d51ba317ca96a053f663f8942
                                                                • Opcode Fuzzy Hash: 7272917da0cbd220a1c27562da50b36f965a86a74c7c21c9e4a8b69e78e469eb
                                                                • Instruction Fuzzy Hash: 7FB16CB1A00219BFEB14DFA9CD49FAE7BB9EB08710F008515F915E7291DB70AD41CBA4
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AA4AED
                                                                • GetDriveTypeW.KERNEL32(?,00ACCB68,?,\\.\,00ACCC08), ref: 00AA4BCA
                                                                • SetErrorMode.KERNEL32(00000000,00ACCB68,?,\\.\,00ACCC08), ref: 00AA4D36
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode$DriveType
                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                • API String ID: 2907320926-4222207086
                                                                • Opcode ID: a6f09446c66d08c6a6deec940a6b2a8b6368dd5c42b2065c57e902942c1785be
                                                                • Instruction ID: fcb0bdc4b09a50206111565adfcd41ac473a3add6ace3efbb2c04d630f706307
                                                                • Opcode Fuzzy Hash: a6f09446c66d08c6a6deec940a6b2a8b6368dd5c42b2065c57e902942c1785be
                                                                • Instruction Fuzzy Hash: 3261C030705309ABCB04DFA8CA82D7D77B0BB8E354B248815F90AAB6D1DBB5ED41DB51
                                                                APIs
                                                                • GetSysColor.USER32(00000012), ref: 00AC7421
                                                                • SetTextColor.GDI32(?,?), ref: 00AC7425
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00AC743B
                                                                • GetSysColor.USER32(0000000F), ref: 00AC7446
                                                                • CreateSolidBrush.GDI32(?), ref: 00AC744B
                                                                • GetSysColor.USER32(00000011), ref: 00AC7463
                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AC7471
                                                                • SelectObject.GDI32(?,00000000), ref: 00AC7482
                                                                • SetBkColor.GDI32(?,00000000), ref: 00AC748B
                                                                • SelectObject.GDI32(?,?), ref: 00AC7498
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00AC74B7
                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AC74CE
                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00AC74DB
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AC752A
                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00AC7554
                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00AC7572
                                                                • DrawFocusRect.USER32(?,?), ref: 00AC757D
                                                                • GetSysColor.USER32(00000011), ref: 00AC758E
                                                                • SetTextColor.GDI32(?,00000000), ref: 00AC7596
                                                                • DrawTextW.USER32(?,00AC70F5,000000FF,?,00000000), ref: 00AC75A8
                                                                • SelectObject.GDI32(?,?), ref: 00AC75BF
                                                                • DeleteObject.GDI32(?), ref: 00AC75CA
                                                                • SelectObject.GDI32(?,?), ref: 00AC75D0
                                                                • DeleteObject.GDI32(?), ref: 00AC75D5
                                                                • SetTextColor.GDI32(?,?), ref: 00AC75DB
                                                                • SetBkColor.GDI32(?,?), ref: 00AC75E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                • String ID:
                                                                • API String ID: 1996641542-0
                                                                • Opcode ID: 59bc41233959ef49ee400fbe4e85f63029877ad74215aa8f81ee1156d2db043a
                                                                • Instruction ID: 6f9166d7ceea9fcdffa61a098f449e271e9d99fba7b76a919fe1bf94495aaa2c
                                                                • Opcode Fuzzy Hash: 59bc41233959ef49ee400fbe4e85f63029877ad74215aa8f81ee1156d2db043a
                                                                • Instruction Fuzzy Hash: 7F614976900218AFDF01DFA4DC49EAEBFB9EB08320F164215F919AB2A1D7759941CF90
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00AC1128
                                                                • GetDesktopWindow.USER32 ref: 00AC113D
                                                                • GetWindowRect.USER32(00000000), ref: 00AC1144
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC1199
                                                                • DestroyWindow.USER32(?), ref: 00AC11B9
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00AC11ED
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AC120B
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AC121D
                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00AC1232
                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00AC1245
                                                                • IsWindowVisible.USER32(00000000), ref: 00AC12A1
                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00AC12BC
                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00AC12D0
                                                                • GetWindowRect.USER32(00000000,?), ref: 00AC12E8
                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00AC130E
                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00AC1328
                                                                • CopyRect.USER32(?,?), ref: 00AC133F
                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00AC13AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                • String ID: ($0$tooltips_class32
                                                                • API String ID: 698492251-4156429822
                                                                • Opcode ID: 873af843a820bb7e494213aeec92de30e9cd03683085f899771c631525a27553
                                                                • Instruction ID: c3eebaab684ed7a031d7971b957cb65d0b8bd32fc4ea09ed4e95836ef4d5fb2c
                                                                • Opcode Fuzzy Hash: 873af843a820bb7e494213aeec92de30e9cd03683085f899771c631525a27553
                                                                • Instruction Fuzzy Hash: DBB1AC71604340AFDB00DF64C985F6ABBE4FF85314F01891CF9999B2A2C771E845CBA2
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 00AC02E5
                                                                • _wcslen.LIBCMT ref: 00AC031F
                                                                • _wcslen.LIBCMT ref: 00AC0389
                                                                • _wcslen.LIBCMT ref: 00AC03F1
                                                                • _wcslen.LIBCMT ref: 00AC0475
                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00AC04C5
                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AC0504
                                                                  • Part of subcall function 00A4F9F2: _wcslen.LIBCMT ref: 00A4F9FD
                                                                  • Part of subcall function 00A9223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A92258
                                                                  • Part of subcall function 00A9223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A9228A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                • API String ID: 1103490817-719923060
                                                                • Opcode ID: 2e6695dea30857179f6482bc4a6cd926bea2d3091115c8c5de78f44f3886d057
                                                                • Instruction ID: df4438c8be14d92c1895af96ce4b10cf565e70ccf8830f0c500278ac8b3e484a
                                                                • Opcode Fuzzy Hash: 2e6695dea30857179f6482bc4a6cd926bea2d3091115c8c5de78f44f3886d057
                                                                • Instruction Fuzzy Hash: D4E18B31218201DFCB18DF24CA51E2EB7E6BF88714F16495CF9969B2A2DB30ED46CB51
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A48968
                                                                • GetSystemMetrics.USER32(00000007), ref: 00A48970
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A4899B
                                                                • GetSystemMetrics.USER32(00000008), ref: 00A489A3
                                                                • GetSystemMetrics.USER32(00000004), ref: 00A489C8
                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A489E5
                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A489F5
                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A48A28
                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A48A3C
                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00A48A5A
                                                                • GetStockObject.GDI32(00000011), ref: 00A48A76
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A48A81
                                                                  • Part of subcall function 00A4912D: GetCursorPos.USER32(?), ref: 00A49141
                                                                  • Part of subcall function 00A4912D: ScreenToClient.USER32(00000000,?), ref: 00A4915E
                                                                  • Part of subcall function 00A4912D: GetAsyncKeyState.USER32(00000001), ref: 00A49183
                                                                  • Part of subcall function 00A4912D: GetAsyncKeyState.USER32(00000002), ref: 00A4919D
                                                                • SetTimer.USER32(00000000,00000000,00000028,00A490FC), ref: 00A48AA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                • String ID: AutoIt v3 GUI
                                                                • API String ID: 1458621304-248962490
                                                                • Opcode ID: cfccb155228ca1f2fd4b0fabca417cc4682390c54cd83bab32c4938ab5acef20
                                                                • Instruction ID: 9483650c40214ac72e4b317597f112ea302d75c7b63276f93d228d69c9243a2c
                                                                • Opcode Fuzzy Hash: cfccb155228ca1f2fd4b0fabca417cc4682390c54cd83bab32c4938ab5acef20
                                                                • Instruction Fuzzy Hash: 8FB18C35A00209AFDB14DFA8DD45FAE3BB5FB48314F114229FA19A7290DB74E941CB50
                                                                APIs
                                                                  • Part of subcall function 00A910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A91114
                                                                  • Part of subcall function 00A910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A91120
                                                                  • Part of subcall function 00A910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A9112F
                                                                  • Part of subcall function 00A910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A91136
                                                                  • Part of subcall function 00A910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A9114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A90DF5
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A90E29
                                                                • GetLengthSid.ADVAPI32(?), ref: 00A90E40
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00A90E7A
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A90E96
                                                                • GetLengthSid.ADVAPI32(?), ref: 00A90EAD
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A90EB5
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A90EBC
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A90EDD
                                                                • CopySid.ADVAPI32(00000000), ref: 00A90EE4
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A90F13
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A90F35
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A90F47
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A90F6E
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90F75
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A90F7E
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90F85
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A90F8E
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90F95
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00A90FA1
                                                                • HeapFree.KERNEL32(00000000), ref: 00A90FA8
                                                                  • Part of subcall function 00A91193: GetProcessHeap.KERNEL32(00000008,00A90BB1,?,00000000,?,00A90BB1,?), ref: 00A911A1
                                                                  • Part of subcall function 00A91193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A90BB1,?), ref: 00A911A8
                                                                  • Part of subcall function 00A91193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A90BB1,?), ref: 00A911B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: ad58868e6b7e51d663a328223256bab4e13fc5e6985783122666a00d43e87528
                                                                • Instruction ID: ce3f6d4f7f56015f70320bc7c87adcfccfdc0987f0ba75852d935eeb628461a6
                                                                • Opcode Fuzzy Hash: ad58868e6b7e51d663a328223256bab4e13fc5e6985783122666a00d43e87528
                                                                • Instruction Fuzzy Hash: 02715872A0021AEFDF20DFA5DD48FAEBBB8FF04351F154215E919E6191D7319A06CB60
                                                                APIs
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ABC4BD
                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00ACCC08,00000000,?,00000000,?,?), ref: 00ABC544
                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00ABC5A4
                                                                • _wcslen.LIBCMT ref: 00ABC5F4
                                                                • _wcslen.LIBCMT ref: 00ABC66F
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00ABC6B2
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00ABC7C1
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00ABC84D
                                                                • RegCloseKey.ADVAPI32(?), ref: 00ABC881
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ABC88E
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00ABC960
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                • API String ID: 9721498-966354055
                                                                • Opcode ID: da5455d8210485cc55ec953d03d32cc1b5779565ae835a245ec02dd51e2e38c2
                                                                • Instruction ID: 74cf4ea52ca122f167e0b368d8de96472429667a662738b782146b82cd0a8337
                                                                • Opcode Fuzzy Hash: da5455d8210485cc55ec953d03d32cc1b5779565ae835a245ec02dd51e2e38c2
                                                                • Instruction Fuzzy Hash: 9E125A75604201AFDB24DF14C981E6AB7E5FF88724F04885DF99A9B3A2DB31ED41CB81
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 00AC09C6
                                                                • _wcslen.LIBCMT ref: 00AC0A01
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AC0A54
                                                                • _wcslen.LIBCMT ref: 00AC0A8A
                                                                • _wcslen.LIBCMT ref: 00AC0B06
                                                                • _wcslen.LIBCMT ref: 00AC0B81
                                                                  • Part of subcall function 00A4F9F2: _wcslen.LIBCMT ref: 00A4F9FD
                                                                  • Part of subcall function 00A92BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A92BFA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                • API String ID: 1103490817-4258414348
                                                                • Opcode ID: 3b6bdb60789a0f0e371d84df987138e888178e8478abb861841fbc71d9e400f1
                                                                • Instruction ID: 0e49094503377bd14af40a31e8ca54be677ad878ea5071976e17af986c0fd64d
                                                                • Opcode Fuzzy Hash: 3b6bdb60789a0f0e371d84df987138e888178e8478abb861841fbc71d9e400f1
                                                                • Instruction Fuzzy Hash: B4E16735208301DFCB14DF68C550E2AB7E1BF98754F16895CF89AAB2A2DB31ED45CB81
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                • API String ID: 1256254125-909552448
                                                                • Opcode ID: 3fd57216ac3c71678ccabcb43d981a1662de99894249b5a4933be440b37d56eb
                                                                • Instruction ID: a7bf0025a890554c50d2f0bc4b79c6e6c518b4b064d0d954650fec8874e11c7e
                                                                • Opcode Fuzzy Hash: 3fd57216ac3c71678ccabcb43d981a1662de99894249b5a4933be440b37d56eb
                                                                • Instruction Fuzzy Hash: EC71D73261012A8BCB10DF7CCD51DFF37AAAB657B4F250528FC5597286E631CD4593A0
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00AC835A
                                                                • _wcslen.LIBCMT ref: 00AC836E
                                                                • _wcslen.LIBCMT ref: 00AC8391
                                                                • _wcslen.LIBCMT ref: 00AC83B4
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00AC83F2
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00AC5BF2), ref: 00AC844E
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AC8487
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00AC84CA
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AC8501
                                                                • FreeLibrary.KERNEL32(?), ref: 00AC850D
                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AC851D
                                                                • DestroyIcon.USER32(?,?,?,?,?,00AC5BF2), ref: 00AC852C
                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00AC8549
                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00AC8555
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                • String ID: .dll$.exe$.icl
                                                                • API String ID: 799131459-1154884017
                                                                • Opcode ID: 791e988c663a7991f0bc67da7452798556305dfc674260e154d6b6bc50c7e59a
                                                                • Instruction ID: 601cdb6aa560fb05c0da100decd0774dd9ee3c440d3574c5791d47bc9b1783d0
                                                                • Opcode Fuzzy Hash: 791e988c663a7991f0bc67da7452798556305dfc674260e154d6b6bc50c7e59a
                                                                • Instruction Fuzzy Hash: 9E61D271540219FAEB18DF64CD41FBE77A8BB08B21F11450AF915EA1D1DFB8A981CBA0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                • API String ID: 0-1645009161
                                                                • Opcode ID: d96cc07a57c4399c222cdec738462dc3e88bdc8269b023e11df75520c1aeee27
                                                                • Instruction ID: 17dbab304ad09a83811b240eaa6d259659164b313f866259f11daec7def34514
                                                                • Opcode Fuzzy Hash: d96cc07a57c4399c222cdec738462dc3e88bdc8269b023e11df75520c1aeee27
                                                                • Instruction Fuzzy Hash: B781C2B1A04605BFDB20AF60CD42FAE77B9BF55301F048424FD09AA292EBB4D955C791
                                                                APIs
                                                                • CharLowerBuffW.USER32(?,?), ref: 00AA3EF8
                                                                • _wcslen.LIBCMT ref: 00AA3F03
                                                                • _wcslen.LIBCMT ref: 00AA3F5A
                                                                • _wcslen.LIBCMT ref: 00AA3F98
                                                                • GetDriveTypeW.KERNEL32(?), ref: 00AA3FD6
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AA401E
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AA4059
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AA4087
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                • API String ID: 1839972693-4113822522
                                                                • Opcode ID: c1b47f186997f0394048a22dbfd88f491feca556d16bec65f4036c04814ae0c7
                                                                • Instruction ID: 5ecf0b94c623ba78c5bddaa2ddf3d229f2f26ffe70ad46af3ffd9680c86e9f6d
                                                                • Opcode Fuzzy Hash: c1b47f186997f0394048a22dbfd88f491feca556d16bec65f4036c04814ae0c7
                                                                • Instruction Fuzzy Hash: 3071EF326042019FC710EF24C98196EB7F4FF99768F10892DF99697291EB31ED46CB91
                                                                APIs
                                                                • LoadIconW.USER32(00000063), ref: 00A95A2E
                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A95A40
                                                                • SetWindowTextW.USER32(?,?), ref: 00A95A57
                                                                • GetDlgItem.USER32(?,000003EA), ref: 00A95A6C
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00A95A72
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00A95A82
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00A95A88
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A95AA9
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A95AC3
                                                                • GetWindowRect.USER32(?,?), ref: 00A95ACC
                                                                • _wcslen.LIBCMT ref: 00A95B33
                                                                • SetWindowTextW.USER32(?,?), ref: 00A95B6F
                                                                • GetDesktopWindow.USER32 ref: 00A95B75
                                                                • GetWindowRect.USER32(00000000), ref: 00A95B7C
                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A95BD3
                                                                • GetClientRect.USER32(?,?), ref: 00A95BE0
                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00A95C05
                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A95C2F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                • String ID:
                                                                • API String ID: 895679908-0
                                                                • Opcode ID: 20a188b7b9a671f8370a3033e0fc2e6014c2e5696955003cab23096de89ce86a
                                                                • Instruction ID: a1c7788368d5766414ca5739594b9ec3434d1c5317fd6f6165eae64b757991f3
                                                                • Opcode Fuzzy Hash: 20a188b7b9a671f8370a3033e0fc2e6014c2e5696955003cab23096de89ce86a
                                                                • Instruction Fuzzy Hash: 80716B31A00A09AFDF21DFB8CE86E6EBBF5FF48714F104518E586A25A0D775E941CB10
                                                                APIs
                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00AAFE27
                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00AAFE32
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00AAFE3D
                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00AAFE48
                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00AAFE53
                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00AAFE5E
                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 00AAFE69
                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00AAFE74
                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 00AAFE7F
                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00AAFE8A
                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00AAFE95
                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00AAFEA0
                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00AAFEAB
                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00AAFEB6
                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00AAFEC1
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00AAFECC
                                                                • GetCursorInfo.USER32(?), ref: 00AAFEDC
                                                                • GetLastError.KERNEL32 ref: 00AAFF1E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                • String ID:
                                                                • API String ID: 3215588206-0
                                                                • Opcode ID: 9dbfa202188252f64e6d6d4bc96d3e189301b06eab7f022760d78bac0b1b5c7c
                                                                • Instruction ID: 794368fe03c4cc614e48c823a7c3e23cb2fc751ed68c8dbd3b8b1c0e8b4def5f
                                                                • Opcode Fuzzy Hash: 9dbfa202188252f64e6d6d4bc96d3e189301b06eab7f022760d78bac0b1b5c7c
                                                                • Instruction Fuzzy Hash: 004132B0D043196EDB10DFBA8C8585EBFA8FF05754B54452AF11DEB281DB7899018E91
                                                                APIs
                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A500C6
                                                                  • Part of subcall function 00A500ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00B0070C,00000FA0,0FA94221,?,?,?,?,00A723B3,000000FF), ref: 00A5011C
                                                                  • Part of subcall function 00A500ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A723B3,000000FF), ref: 00A50127
                                                                  • Part of subcall function 00A500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A723B3,000000FF), ref: 00A50138
                                                                  • Part of subcall function 00A500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A5014E
                                                                  • Part of subcall function 00A500ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A5015C
                                                                  • Part of subcall function 00A500ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A5016A
                                                                  • Part of subcall function 00A500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A50195
                                                                  • Part of subcall function 00A500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A501A0
                                                                • ___scrt_fastfail.LIBCMT ref: 00A500E7
                                                                  • Part of subcall function 00A500A3: __onexit.LIBCMT ref: 00A500A9
                                                                Strings
                                                                • kernel32.dll, xrefs: 00A50133
                                                                • WakeAllConditionVariable, xrefs: 00A50162
                                                                • SleepConditionVariableCS, xrefs: 00A50154
                                                                • InitializeConditionVariable, xrefs: 00A50148
                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A50122
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                • API String ID: 66158676-1714406822
                                                                • Opcode ID: 583078eceac618ceab11c2e2e9b71ed877bed70f3464f096871ae92eea9754fd
                                                                • Instruction ID: 5041f37ddfc358c52b951295d106d0477f10ffddc657f0e2478e1be476c22fdc
                                                                • Opcode Fuzzy Hash: 583078eceac618ceab11c2e2e9b71ed877bed70f3464f096871ae92eea9754fd
                                                                • Instruction Fuzzy Hash: DC210B326447107FE711ABA4AD06F6A37D4FB44F62F050639FC05A72D1DF749C058A91
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                • API String ID: 176396367-1603158881
                                                                • Opcode ID: 5bcc88230409a3818fed56a1e08182b85057ee9af44d4aa6d56f714b93db51bd
                                                                • Instruction ID: e50c39415e9a44c66f0ed5a8d71d00c927ba3c5d285c8fc8fb5fb72fd2d160f8
                                                                • Opcode Fuzzy Hash: 5bcc88230409a3818fed56a1e08182b85057ee9af44d4aa6d56f714b93db51bd
                                                                • Instruction Fuzzy Hash: 2BE19333B00526AFCF189FB8C8516FEBBF4BF58710F658119E556A7250DB30AE858790
                                                                APIs
                                                                • CharLowerBuffW.USER32(00000000,00000000,00ACCC08), ref: 00AA4527
                                                                • _wcslen.LIBCMT ref: 00AA453B
                                                                • _wcslen.LIBCMT ref: 00AA4599
                                                                • _wcslen.LIBCMT ref: 00AA45F4
                                                                • _wcslen.LIBCMT ref: 00AA463F
                                                                • _wcslen.LIBCMT ref: 00AA46A7
                                                                  • Part of subcall function 00A4F9F2: _wcslen.LIBCMT ref: 00A4F9FD
                                                                • GetDriveTypeW.KERNEL32(?,00AF6BF0,00000061), ref: 00AA4743
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                • API String ID: 2055661098-1000479233
                                                                • Opcode ID: 8aa18f13cf8524f2104134d9eb843cfdc3644b687d4b3bdb5db1334c37f7773a
                                                                • Instruction ID: 089b1b7c9e55243e3b3022d714e7ea6663f279d8190ec9924ea1f4f5c868b6e2
                                                                • Opcode Fuzzy Hash: 8aa18f13cf8524f2104134d9eb843cfdc3644b687d4b3bdb5db1334c37f7773a
                                                                • Instruction Fuzzy Hash: 49B1DB71A083029FC710DF28C991A6AB7E5AFEA720F50491DF496C72D1E7B0D845CBA2
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00ABB198
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00ABB1B0
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00ABB1D4
                                                                • _wcslen.LIBCMT ref: 00ABB200
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00ABB214
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00ABB236
                                                                • _wcslen.LIBCMT ref: 00ABB332
                                                                  • Part of subcall function 00AA05A7: GetStdHandle.KERNEL32(000000F6), ref: 00AA05C6
                                                                • _wcslen.LIBCMT ref: 00ABB34B
                                                                • _wcslen.LIBCMT ref: 00ABB366
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00ABB3B6
                                                                • GetLastError.KERNEL32(00000000), ref: 00ABB407
                                                                • CloseHandle.KERNEL32(?), ref: 00ABB439
                                                                • CloseHandle.KERNEL32(00000000), ref: 00ABB44A
                                                                • CloseHandle.KERNEL32(00000000), ref: 00ABB45C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00ABB46E
                                                                • CloseHandle.KERNEL32(?), ref: 00ABB4E3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 2178637699-0
                                                                • Opcode ID: 6a792ba2d8331c785ca058cad2506f67084c08636346239c116f4b430f4755ac
                                                                • Instruction ID: a10104ddb8a34cd10b3f153741147cbc428f64103b1a7bc0eeba098386e3b7de
                                                                • Opcode Fuzzy Hash: 6a792ba2d8331c785ca058cad2506f67084c08636346239c116f4b430f4755ac
                                                                • Instruction Fuzzy Hash: 87F1BF715143009FC724EF24C991BAEBBE5BF85314F14855DF8998B2A2CB71EC44CB62
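The function records on this page follow one layout: an "APIs" list of calls with their "ref:" addresses (callee calls marked "Part of subcall function"), an optional "Strings" list with xrefs, and the "Similarity" key/value lines (API ID, String ID, Opcode ID). That layout can be parsed and triaged mechanically. The following is an added example, not code from Joe Sandbox or from the analysed sample: a small Python parser for these records, run over a constructed sample abridged from three entries above (the CreateProcessW launcher, the CRT initialiser with its subcall lines, and the mciSendStringW CD-tray function). The rule names and API combinations are this example's own assumptions and are not Joe Sandbox's signatures.

```python
"""Triage helper for the per-function records Joe Sandbox's IDA plugin emits.
Added example, not code from Joe Sandbox or from the analysed sample."""
import re
from dataclasses import dataclass, field

# Constructed sample input: three records abridged from this report's entries.
SAMPLE = """\
APIs
• _wcslen.LIBCMT ref: 00ABB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00ABB1B0
  • Part of subcall function 00AA05A7: GetStdHandle.KERNEL32(000000F6), ref: 00AA05C6
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00ABB3B6
• CloseHandle.KERNEL32(?), ref: 00ABB439
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
Similarity
• String ID:
• Opcode ID: 6a792ba2d8331c785ca058cad2506f67084c08636346239c116f4b430f4755ac
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A500C6
  • Part of subcall function 00A500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A723B3,000000FF), ref: 00A50138
  • Part of subcall function 00A500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A5014E
Strings
• kernel32.dll, xrefs: 00A50133
• InitializeConditionVariable, xrefs: 00A50148
Similarity
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• Opcode ID: 583078eceac618ceab11c2e2e9b71ed877bed70f3464f096871ae92eea9754fd
APIs
• GetDriveTypeW.KERNEL32(?), ref: 00AA3FD6
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AA401E
Similarity
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• Opcode ID: c1b47f186997f0394048a22dbfd88f491feca556d16bec65f4036c04814ae0c7
"""

# "• Name.MODULE(args), ref: ADDR"; the subcall prefix marks a callee's call.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\([^)]*\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$")
STR_RE = re.compile(r"^\s*•\s*(?P<text>.+?), xrefs:\s*(?P<ref>[0-9A-F]+)\s*$")
KV_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")
HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)     # (api, module, ref, caller or None)
    strings: list = field(default_factory=list)  # (text, xref)
    fields: dict = field(default_factory=dict)   # "Opcode ID", "String ID", ...

    @property
    def opcode_id(self):
        return self.fields.get("Opcode ID", "")

    def string_ids(self):
        """The '$'-separated string constants folded into the String ID line."""
        return [s for s in self.fields.get("String ID", "").split("$") if s]


def parse_records(text):
    """Split the report text into one FunctionRecord per 'APIs' block."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADINGS:
            if line == "APIs":               # every record starts with its APIs list
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None or not line:
            continue
        if section == "APIs" and (m := API_RE.match(raw)):
            current.apis.append((m["api"], m["module"], m["ref"], m["caller"]))
        elif section == "Strings" and (m := STR_RE.match(raw)):
            current.strings.append((m["text"], m["ref"]))
        elif m := KV_RE.match(raw):
            current.fields[m["key"].strip()] = m["value"].strip()
    return records


@dataclass(frozen=True)
class Rule:
    name: str
    api_groups: tuple   # one member of every group must be called
    needle: str = ""    # substring that must occur in the record's String ID


# Hypothetical triage rules for this example (assumed, not Joe Sandbox's signatures).
RULES = (
    Rule("process-launch", (frozenset({"CreateProcessW", "CreateProcessA"}),)),
    Rule("dynamic-api-resolution",
         (frozenset({"LoadLibraryA", "LoadLibraryW", "GetModuleHandleA", "GetModuleHandleW"}),
          frozenset({"GetProcAddress"}))),
    Rule("cd-tray-control", (frozenset({"mciSendStringW"}),), needle="set cd door"),
)


def match_rules(rec, include_subcalls=False):
    """Rule names satisfied by a record. Subcall lines are the callee's calls,
    not this function's, so they count only when include_subcalls is set."""
    names = {api for api, _, _, caller in rec.apis if include_subcalls or caller is None}
    string_id = rec.fields.get("String ID", "")
    return [r.name for r in RULES
            if all(group & names for group in r.api_groups) and r.needle in string_id]


def triage(text):
    """(Opcode ID prefix, direct-call rule hits) for every record in the text."""
    return [(rec.opcode_id[:12], match_rules(rec)) for rec in parse_records(text)]


if __name__ == "__main__":
    for opcode, hits in triage(SAMPLE):
        print(opcode, ", ".join(hits) or "-")
```

Run over the whole report text, the direct-call pass points straight at the Run()-style launcher (CreateProcessW) and the CDTray-style function, while the CRT initialiser is only flagged when subcall lines are included, which is the distinction to keep in mind when a signature such as "dynamically determine API calls" fires on a statically linked runtime rather than on the script's own logic.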
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00ACCC08), ref: 00AB40BB
                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00AB40CD
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00ACCC08), ref: 00AB40F2
                                                                • FreeLibrary.KERNEL32(00000000,?,00ACCC08), ref: 00AB413E
                                                                • StringFromGUID2.OLE32(?,?,00000028,?,00ACCC08), ref: 00AB41A8
                                                                • SysFreeString.OLEAUT32(00000009), ref: 00AB4262
                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00AB42C8
                                                                • SysFreeString.OLEAUT32(?), ref: 00AB42F2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                • API String ID: 354098117-199464113
                                                                • Opcode ID: f7f3032b240118854941609bec46e852eaadb074a9b1be3dfeac3482769d2efd
                                                                • Instruction ID: e93dcd9f93f396c71f20d7001256a5c28844e335272b0a9edd89478a915605f7
                                                                • Opcode Fuzzy Hash: f7f3032b240118854941609bec46e852eaadb074a9b1be3dfeac3482769d2efd
                                                                • Instruction Fuzzy Hash: CB123A75A00119EFDB14DF94C884EAEBBB9FF49314F248098F9099B252D731ED46CBA0
                                                                APIs
                                                                • GetMenuItemCount.USER32(00B01990), ref: 00A72F8D
                                                                • GetMenuItemCount.USER32(00B01990), ref: 00A7303D
                                                                • GetCursorPos.USER32(?), ref: 00A73081
                                                                • SetForegroundWindow.USER32(00000000), ref: 00A7308A
                                                                • TrackPopupMenuEx.USER32(00B01990,00000000,?,00000000,00000000,00000000), ref: 00A7309D
                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A730A9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                • String ID: 0
                                                                • API String ID: 36266755-4108050209
                                                                • Opcode ID: 18ea364bc7eb710e048c92cfc1d077f1625cf59a64a81d81fcd9161c438ed4d5
                                                                • Instruction ID: 74c4b1ed8e1628f5ab87b301b91a88f6bb9855caa931b6c9d2c1846b5242802b
                                                                • Opcode Fuzzy Hash: 18ea364bc7eb710e048c92cfc1d077f1625cf59a64a81d81fcd9161c438ed4d5
                                                                • Instruction Fuzzy Hash: AA71D471644205BFEF258F64DD49FAABF68FF05364F20C216F5286A1E1C7B1A920DB90
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,?), ref: 00AC6DEB
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00AC6E5F
                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00AC6E81
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AC6E94
                                                                • DestroyWindow.USER32(?), ref: 00AC6EB5
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A30000,00000000), ref: 00AC6EE4
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AC6EFD
                                                                • GetDesktopWindow.USER32 ref: 00AC6F16
                                                                • GetWindowRect.USER32(00000000), ref: 00AC6F1D
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AC6F35
                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00AC6F4D
                                                                  • Part of subcall function 00A49944: GetWindowLongW.USER32(?,000000EB), ref: 00A49952
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                • String ID: 0$tooltips_class32
                                                                • API String ID: 2429346358-3619404913
                                                                • Opcode ID: 7e712aaa30653a43430c76d91eee7f33b7870dc05d007fff8027887b41c16cdf
                                                                • Instruction ID: ae791519d1c051d857dcd368a2e2b9da175b0a5495eb63860ddd05675b4469dd
                                                                • Opcode Fuzzy Hash: 7e712aaa30653a43430c76d91eee7f33b7870dc05d007fff8027887b41c16cdf
                                                                • Instruction Fuzzy Hash: 97715374104244AFDB21CF28DD48FAABBE9FF89314F05081EF98997261DB74E906DB52
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • DragQueryPoint.SHELL32(?,?), ref: 00AC9147
                                                                  • Part of subcall function 00AC7674: ClientToScreen.USER32(?,?), ref: 00AC769A
                                                                  • Part of subcall function 00AC7674: GetWindowRect.USER32(?,?), ref: 00AC7710
                                                                  • Part of subcall function 00AC7674: PtInRect.USER32(?,?,00AC8B89), ref: 00AC7720
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AC91B0
                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00AC91BB
                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00AC91DE
                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AC9225
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AC923E
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00AC9255
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00AC9277
                                                                • DragFinish.SHELL32(?), ref: 00AC927E
                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00AC9371
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                • API String ID: 221274066-3440237614
                                                                • Opcode ID: be75d647484f5953243c67a27127f4f5fbc283af8523d590a4da6467fe789aa8
                                                                • Instruction ID: ebe3d902a55a2a766de162c6d4fe867987bca43a5e153a9103fec4d462fe48c2
                                                                • Opcode Fuzzy Hash: be75d647484f5953243c67a27127f4f5fbc283af8523d590a4da6467fe789aa8
                                                                • Instruction Fuzzy Hash: B7616971108301AFC705DFA4DD89EAFBBE8EF98750F00491EF596962A0DB709A49CB52
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AAC4B0
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AAC4C3
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AAC4D7
                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00AAC4F0
                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00AAC533
                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00AAC549
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AAC554
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AAC584
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AAC5DC
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AAC5F0
                                                                • InternetCloseHandle.WININET(00000000), ref: 00AAC5FB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                • String ID:
                                                                • API String ID: 3800310941-3916222277
                                                                • Opcode ID: c7a76df246a90e29ba07c0788e50db0bbf8536f7edecec9da3ff4871706830af
                                                                • Instruction ID: bd0e2118308d85ce80ee4afd465464612b6ec2b352aec4f98715afdd82e74a5e
                                                                • Opcode Fuzzy Hash: c7a76df246a90e29ba07c0788e50db0bbf8536f7edecec9da3ff4871706830af
                                                                • Instruction Fuzzy Hash: 1C514BB0940305BFEB21DFA4C948AAA7BFCFF09764F00441AF94A97690DB34E945DB60
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00AC8592
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85A2
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85AD
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85BA
                                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85C8
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85D7
                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85E0
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85E7
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AC85F8
                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00ACFC38,?), ref: 00AC8611
                                                                • GlobalFree.KERNEL32(00000000), ref: 00AC8621
                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00AC8641
                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00AC8671
                                                                • DeleteObject.GDI32(?), ref: 00AC8699
                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AC86AF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                • String ID:
                                                                • API String ID: 3840717409-0
                                                                • Opcode ID: 39db77610f7564a9fb67a73c7e7133a4ccddb57d2690b2c29855d98c6100a502
                                                                • Instruction ID: 884b6d6bbf4a0d8935fc91878c1a7875c881fdb8ad38ed68a8a4528b734d812e
                                                                • Opcode Fuzzy Hash: 39db77610f7564a9fb67a73c7e7133a4ccddb57d2690b2c29855d98c6100a502
                                                                • Instruction Fuzzy Hash: 39412B75600208AFDB11DFA5DC48EAABBBCFF89721F164058F919E7260DB749902CB20
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000000), ref: 00AA1502
                                                                • VariantCopy.OLEAUT32(?,?), ref: 00AA150B
                                                                • VariantClear.OLEAUT32(?), ref: 00AA1517
                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00AA15FB
                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00AA1657
                                                                • VariantInit.OLEAUT32(?), ref: 00AA1708
                                                                • SysFreeString.OLEAUT32(?), ref: 00AA178C
                                                                • VariantClear.OLEAUT32(?), ref: 00AA17D8
                                                                • VariantClear.OLEAUT32(?), ref: 00AA17E7
                                                                • VariantInit.OLEAUT32(00000000), ref: 00AA1823
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                • API String ID: 1234038744-3931177956
                                                                • Opcode ID: 11eed04afc336e3326b31ba5571c36643fd627d7dc86c3f3ed46c25a8b100449
                                                                • Instruction ID: 5dccc04450d062457926f17bf386138675b562a35689d362a44ad07c200ac9d9
                                                                • Opcode Fuzzy Hash: 11eed04afc336e3326b31ba5571c36643fd627d7dc86c3f3ed46c25a8b100449
                                                                • Instruction Fuzzy Hash: F1D1CC31A00616EBDB04AFA5D999B79B7B5BF46700F14845AF44AAB1C0DB30EC41DBA2
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00ABC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ABB6AE,?,?), ref: 00ABC9B5
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABC9F1
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA68
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ABB6F4
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00ABB772
                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00ABB80A
                                                                • RegCloseKey.ADVAPI32(?), ref: 00ABB87E
                                                                • RegCloseKey.ADVAPI32(?), ref: 00ABB89C
                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00ABB8F2
                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00ABB904
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00ABB922
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00ABB983
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ABB994
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 146587525-4033151799
                                                                • Opcode ID: 5aaadb2247ab2d4ac7511c06ab54d5991026fc68c1339dc3114b85b34ec25877
                                                                • Instruction ID: 889bd60b8af700e606e35e5a70e0d4ecf2bf4810b7ddc657695ea835bb2424e9
                                                                • Opcode Fuzzy Hash: 5aaadb2247ab2d4ac7511c06ab54d5991026fc68c1339dc3114b85b34ec25877
                                                                • Instruction Fuzzy Hash: 66C18C34218201AFD714DF54C494F6ABBE9BF84318F14855CF49A9B2A3CBB1EC46CBA1
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 00AB25D8
                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00AB25E8
                                                                • CreateCompatibleDC.GDI32(?), ref: 00AB25F4
                                                                • SelectObject.GDI32(00000000,?), ref: 00AB2601
                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00AB266D
                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00AB26AC
                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00AB26D0
                                                                • SelectObject.GDI32(?,?), ref: 00AB26D8
                                                                • DeleteObject.GDI32(?), ref: 00AB26E1
                                                                • DeleteDC.GDI32(?), ref: 00AB26E8
                                                                • ReleaseDC.USER32(00000000,?), ref: 00AB26F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                • String ID: (
                                                                • API String ID: 2598888154-3887548279
                                                                • Opcode ID: 0888a780e509d452b4bf98ea52cd707fade4dd7495e942421f8b980c940b52c2
                                                                • Instruction ID: aea815c7803c8916c1510ed08edde7681754ff1a32f08e3f2461602fe559e277
                                                                • Opcode Fuzzy Hash: 0888a780e509d452b4bf98ea52cd707fade4dd7495e942421f8b980c940b52c2
                                                                • Instruction Fuzzy Hash: 3961E175D00219EFCF14CFE8D984EAEBBB9FF48310F24852AE959A7251E770A9418F50
                                                                APIs
                                                                • ___free_lconv_mon.LIBCMT ref: 00A6DAA1
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D659
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D66B
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D67D
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D68F
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D6A1
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D6B3
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D6C5
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D6D7
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D6E9
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D6FB
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D70D
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D71F
                                                                  • Part of subcall function 00A6D63C: _free.LIBCMT ref: 00A6D731
                                                                • _free.LIBCMT ref: 00A6DA96
                                                                  • Part of subcall function 00A629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000), ref: 00A629DE
                                                                  • Part of subcall function 00A629C8: GetLastError.KERNEL32(00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000,00000000), ref: 00A629F0
                                                                • _free.LIBCMT ref: 00A6DAB8
                                                                • _free.LIBCMT ref: 00A6DACD
                                                                • _free.LIBCMT ref: 00A6DAD8
                                                                • _free.LIBCMT ref: 00A6DAFA
                                                                • _free.LIBCMT ref: 00A6DB0D
                                                                • _free.LIBCMT ref: 00A6DB1B
                                                                • _free.LIBCMT ref: 00A6DB26
                                                                • _free.LIBCMT ref: 00A6DB5E
                                                                • _free.LIBCMT ref: 00A6DB65
                                                                • _free.LIBCMT ref: 00A6DB82
                                                                • _free.LIBCMT ref: 00A6DB9A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                • String ID:
                                                                • API String ID: 161543041-0
                                                                • Opcode ID: 9db3ba5dbf89d52e90be0857aa22687eeb7c165e4303580914063e480c38dad0
                                                                • Instruction ID: 385263050b5693f0523638d71c493e5363f5c9237c7721f38530787da7df208c
                                                                • Opcode Fuzzy Hash: 9db3ba5dbf89d52e90be0857aa22687eeb7c165e4303580914063e480c38dad0
                                                                • Instruction Fuzzy Hash: A6314832B046059FEB25AB79E945B6AB7F9FF903A0F154429E449D7191DA31AC808B20
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00A9369C
                                                                • _wcslen.LIBCMT ref: 00A936A7
                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00A93797
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00A9380C
                                                                • GetDlgCtrlID.USER32(?), ref: 00A9385D
                                                                • GetWindowRect.USER32(?,?), ref: 00A93882
                                                                • GetParent.USER32(?), ref: 00A938A0
                                                                • ScreenToClient.USER32(00000000), ref: 00A938A7
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00A93921
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00A9395D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                • String ID: %s%u
                                                                • API String ID: 4010501982-679674701
                                                                • Opcode ID: b0703a0df167b49feeacbf887ca95b94f82eceb5954f44267ab701b8e3c9df99
                                                                • Instruction ID: 1a213f9edd759f781967a7773b96ed033fa9a5e30198e38e3367f051e5abd59a
                                                                • Opcode Fuzzy Hash: b0703a0df167b49feeacbf887ca95b94f82eceb5954f44267ab701b8e3c9df99
                                                                • Instruction Fuzzy Hash: 2691AE72304606AFDF19DF64C995FAAB7F8FF44350F008629F999C6190DB30AA46CB91
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00A94994
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00A949DA
                                                                • _wcslen.LIBCMT ref: 00A949EB
                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00A949F7
                                                                • _wcsstr.LIBVCRUNTIME ref: 00A94A2C
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00A94A64
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00A94A9D
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00A94AE6
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00A94B20
                                                                • GetWindowRect.USER32(?,?), ref: 00A94B8B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                • String ID: ThumbnailClass
                                                                • API String ID: 1311036022-1241985126
                                                                • Opcode ID: f364ca37972090b64569069987aba521fd9ae70dfd71ac8dcecf4d0dacecddeb
                                                                • Instruction ID: 61e58b67718ea8a5878501e21f346efa1da9ebae671ad168a655712f3c93c2c5
                                                                • Opcode Fuzzy Hash: f364ca37972090b64569069987aba521fd9ae70dfd71ac8dcecf4d0dacecddeb
                                                                • Instruction Fuzzy Hash: E991AF712082059FDF04DF54CA85FAA77E8FF88354F048469FD899A196EB30ED46CBA1
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AC8D5A
                                                                • GetFocus.USER32 ref: 00AC8D6A
                                                                • GetDlgCtrlID.USER32(00000000), ref: 00AC8D75
                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00AC8E1D
                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00AC8ECF
                                                                • GetMenuItemCount.USER32(?), ref: 00AC8EEC
                                                                • GetMenuItemID.USER32(?,00000000), ref: 00AC8EFC
                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00AC8F2E
                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00AC8F70
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AC8FA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                • String ID: 0
                                                                • API String ID: 1026556194-4108050209
                                                                • Opcode ID: 5193819ee7b0d6a6d4849135f33a8df2f1ea53a8ab84bc3643d37f9a678dea5f
                                                                • Instruction ID: 2a88cc121dd48858c5eb5cd573d27a78e269bf533af25f6fb644b033b6474346
                                                                • Opcode Fuzzy Hash: 5193819ee7b0d6a6d4849135f33a8df2f1ea53a8ab84bc3643d37f9a678dea5f
                                                                • Instruction Fuzzy Hash: 7681AD71508301AFDB10CF24C984FABBBE9FB88724F16091DF99997291DB38D901CBA1
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00B01990,000000FF,00000000,00000030), ref: 00A9BFAC
                                                                • SetMenuItemInfoW.USER32(00B01990,00000004,00000000,00000030), ref: 00A9BFE1
                                                                • Sleep.KERNEL32(000001F4), ref: 00A9BFF3
                                                                • GetMenuItemCount.USER32(?), ref: 00A9C039
                                                                • GetMenuItemID.USER32(?,00000000), ref: 00A9C056
                                                                • GetMenuItemID.USER32(?,-00000001), ref: 00A9C082
                                                                • GetMenuItemID.USER32(?,?), ref: 00A9C0C9
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A9C10F
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A9C124
                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A9C145
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                • String ID: 0
                                                                • API String ID: 1460738036-4108050209
                                                                • Opcode ID: c9a80a8fa2f2f4995b6ba758fb07b4384f692b6c935bb63fdb0e3a32a5986f7d
                                                                • Instruction ID: 284dafd8be9c8bf5381c8fe91df33e5bb21f910672cebee9404fbf225fb0453f
                                                                • Opcode Fuzzy Hash: c9a80a8fa2f2f4995b6ba758fb07b4384f692b6c935bb63fdb0e3a32a5986f7d
                                                                • Instruction Fuzzy Hash: 40619FB0A0064AAFDF15CFA8DE88EEE7BF8EB05364F104155F815A7292C735AD45CB60
                                                                APIs
                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00A9DC20
                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00A9DC46
                                                                • _wcslen.LIBCMT ref: 00A9DC50
                                                                • _wcsstr.LIBVCRUNTIME ref: 00A9DCA0
                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00A9DCBC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                • API String ID: 1939486746-1459072770
                                                                • Opcode ID: 03b104708cdd33ffaee35e5a20e4baa94ca4b82d6011383f6f5373080ae5e45a
                                                                • Instruction ID: 05bbfd6d716eff4f6338f8f4a906e6cdac437c6b702ebb6c78890133ce65d5ab
                                                                • Opcode Fuzzy Hash: 03b104708cdd33ffaee35e5a20e4baa94ca4b82d6011383f6f5373080ae5e45a
                                                                • Instruction Fuzzy Hash: C3412132A40204BEEB14ABB4DD47EBF77BCFF42761F100469F904A6182EB749A0587A4
                                                                APIs
                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00ABCC64
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00ABCC8D
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00ABCD48
                                                                  • Part of subcall function 00ABCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00ABCCAA
                                                                  • Part of subcall function 00ABCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00ABCCBD
                                                                  • Part of subcall function 00ABCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00ABCCCF
                                                                  • Part of subcall function 00ABCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00ABCD05
                                                                  • Part of subcall function 00ABCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00ABCD28
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00ABCCF3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 2734957052-4033151799
                                                                • Opcode ID: 49cad26a5080f9c520bc89acead4e30f36fcd1e0b5a5e216389d5fa2dd3124d5
                                                                • Instruction ID: d15d10a468772f238707f58827cbf2dda0a4a581cad2df665684a88b5cbf1392
                                                                • Opcode Fuzzy Hash: 49cad26a5080f9c520bc89acead4e30f36fcd1e0b5a5e216389d5fa2dd3124d5
                                                                • Instruction Fuzzy Hash: C3316075901129BBD720CB95DC88EFFBB7CEF56760F010165F909E3141D7349A469AA0
                                                                APIs
                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AA3D40
                                                                • _wcslen.LIBCMT ref: 00AA3D6D
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00AA3D9D
                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00AA3DBE
                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00AA3DCE
                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00AA3E55
                                                                • CloseHandle.KERNEL32(00000000), ref: 00AA3E60
                                                                • CloseHandle.KERNEL32(00000000), ref: 00AA3E6B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                • String ID: :$\$\??\%s
                                                                • API String ID: 1149970189-3457252023
                                                                • Opcode ID: b2ceb90e3df63902d055369a8e95aca9b030b2096263409dcf7e0ffaa4679865
                                                                • Instruction ID: 8e6d033678110d05981940a63d78ca4cedc31e22e71faac1c2ce3028841f451e
                                                                • Opcode Fuzzy Hash: b2ceb90e3df63902d055369a8e95aca9b030b2096263409dcf7e0ffaa4679865
                                                                • Instruction Fuzzy Hash: 9831CF76900209ABDB21DBA0DC49FEF37BCEF89750F1040B6FA09D61A0EB7497458B24
                                                                APIs
                                                                • timeGetTime.WINMM ref: 00A9E6B4
                                                                  • Part of subcall function 00A4E551: timeGetTime.WINMM(?,?,00A9E6D4), ref: 00A4E555
                                                                • Sleep.KERNEL32(0000000A), ref: 00A9E6E1
                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00A9E705
                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A9E727
                                                                • SetActiveWindow.USER32 ref: 00A9E746
                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A9E754
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00A9E773
                                                                • Sleep.KERNEL32(000000FA), ref: 00A9E77E
                                                                • IsWindow.USER32 ref: 00A9E78A
                                                                • EndDialog.USER32(00000000), ref: 00A9E79B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                • String ID: BUTTON
                                                                • API String ID: 1194449130-3405671355
                                                                • Opcode ID: 5510dd64523bcf34d280fc27eae1c7ec219f604320588831b1bab890dc9ce406
                                                                • Instruction ID: 2012eca50242185ab48fd865ebb3717b1dff20381dc52e52d0ba49bc16ab5fee
                                                                • Opcode Fuzzy Hash: 5510dd64523bcf34d280fc27eae1c7ec219f604320588831b1bab890dc9ce406
                                                                • Instruction Fuzzy Hash: 14218CB0300205BFEF00EFA4ED8DE263BA9FB64758B151824F509825B2DF72AC558B25
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A9EA5D
                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A9EA73
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A9EA84
                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A9EA96
                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A9EAA7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: SendString$_wcslen
                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                • API String ID: 2420728520-1007645807
                                                                • Opcode ID: 4057da5bc445ad8e095287f18ac2b20575fa02e931095d8d9f7ffebb23d9a3a8
                                                                • Instruction ID: 7361cdc2725cff95ba365290a26858030acd703e9df9df81503a1a5f72ed22e2
                                                                • Opcode Fuzzy Hash: 4057da5bc445ad8e095287f18ac2b20575fa02e931095d8d9f7ffebb23d9a3a8
                                                                • Instruction Fuzzy Hash: 99112131A9025D79DB20E7A2DD8AEFF6ABCFBD5B40F400829B511A60D1EAB05945C6B0
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 00A9A012
                                                                • SetKeyboardState.USER32(?), ref: 00A9A07D
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00A9A09D
                                                                • GetKeyState.USER32(000000A0), ref: 00A9A0B4
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00A9A0E3
                                                                • GetKeyState.USER32(000000A1), ref: 00A9A0F4
                                                                • GetAsyncKeyState.USER32(00000011), ref: 00A9A120
                                                                • GetKeyState.USER32(00000011), ref: 00A9A12E
                                                                • GetAsyncKeyState.USER32(00000012), ref: 00A9A157
                                                                • GetKeyState.USER32(00000012), ref: 00A9A165
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00A9A18E
                                                                • GetKeyState.USER32(0000005B), ref: 00A9A19C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                • Opcode ID: 0ac5cc81bcafe2f01b41936818ac37c93f708d5d3f25ef14aaecbdef649e046a
                                                                • Instruction ID: 4dc656e18ed6c21edf65590ed11768bde3aad7018f2501c91d60d66fdeab777c
                                                                • Opcode Fuzzy Hash: 0ac5cc81bcafe2f01b41936818ac37c93f708d5d3f25ef14aaecbdef649e046a
                                                                • Instruction Fuzzy Hash: DD51B920B0478829FF35DBA489117EBFFF49F21384F08859ED5C6571C2DA549A4CC7A2
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000001), ref: 00A95CE2
                                                                • GetWindowRect.USER32(00000000,?), ref: 00A95CFB
                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A95D59
                                                                • GetDlgItem.USER32(?,00000002), ref: 00A95D69
                                                                • GetWindowRect.USER32(00000000,?), ref: 00A95D7B
                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A95DCF
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00A95DDD
                                                                • GetWindowRect.USER32(00000000,?), ref: 00A95DEF
                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A95E31
                                                                • GetDlgItem.USER32(?,000003EA), ref: 00A95E44
                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A95E5A
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00A95E67
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                • String ID:
                                                                • API String ID: 3096461208-0
                                                                • Opcode ID: 7336dc9fe1278275a99f978122e030e2cd533930f56f913b4ea3fc40a90b9516
                                                                • Instruction ID: 9e9df1251d4eb0614f6e992e2e38c213085709ae9657521a4b3c4173d5824458
                                                                • Opcode Fuzzy Hash: 7336dc9fe1278275a99f978122e030e2cd533930f56f913b4ea3fc40a90b9516
                                                                • Instruction Fuzzy Hash: F751FCB1F00605AFDF19CFA8DD8AAAEBBF5EB48310F158129F519E6290D7709E05CB50
                                                                APIs
                                                                  • Part of subcall function 00A48F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A48BE8,?,00000000,?,?,?,?,00A48BBA,00000000,?), ref: 00A48FC5
                                                                • DestroyWindow.USER32(?), ref: 00A48C81
                                                                • KillTimer.USER32(00000000,?,?,?,?,00A48BBA,00000000,?), ref: 00A48D1B
                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00A86973
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A48BBA,00000000,?), ref: 00A869A1
                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A48BBA,00000000,?), ref: 00A869B8
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A48BBA,00000000), ref: 00A869D4
                                                                • DeleteObject.GDI32(00000000), ref: 00A869E6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                • String ID:
                                                                • API String ID: 641708696-0
                                                                • Opcode ID: 5a83ffb2f15a4f7a0be20947f8b002c738a6c07faea445e68daa194b3e75338f
                                                                • Instruction ID: 1d94cc2c014f2570bd1d12eb89826c2b1ab85fbfa19e9f5ddc0a97b59a1f1514
                                                                • Opcode Fuzzy Hash: 5a83ffb2f15a4f7a0be20947f8b002c738a6c07faea445e68daa194b3e75338f
                                                                • Instruction Fuzzy Hash: 21616E35502710DFDB29DF18EA88B29B7F1FB90316F14491CE0469B5A0CB79A992DF90
                                                                APIs
                                                                  • Part of subcall function 00A49944: GetWindowLongW.USER32(?,000000EB), ref: 00A49952
                                                                • GetSysColor.USER32(0000000F), ref: 00A49862
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ColorLongWindow
                                                                • String ID:
                                                                • API String ID: 259745315-0
                                                                • Opcode ID: 301869799cfe57846c8a94b8b6eeebf218c699c2355ed1ec453949d79a0f21c6
                                                                • Instruction ID: 8b7225886c81104dd22ee331de3820b87d487448f50e1c1e0de89693330e2c01
                                                                • Opcode Fuzzy Hash: 301869799cfe57846c8a94b8b6eeebf218c699c2355ed1ec453949d79a0f21c6
                                                                • Instruction Fuzzy Hash: 8341A035104644AFDB209F7C9C88FBB3BA5AB86331F294615FAA6871E2D731DC52DB10
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00A7F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00A99717
                                                                • LoadStringW.USER32(00000000,?,00A7F7F8,00000001), ref: 00A99720
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A7F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00A99742
                                                                • LoadStringW.USER32(00000000,?,00A7F7F8,00000001), ref: 00A99745
                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00A99866
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                • API String ID: 747408836-2268648507
                                                                • Opcode ID: 9b24a8f3b4e7168ea3db2952566e44c3d6aeba02c81baab47549f76a51a1cc43
                                                                • Instruction ID: 220c32a751cf676bd61428b1eaa060341063ce3d51be21993004d3b58769c81e
                                                                • Opcode Fuzzy Hash: 9b24a8f3b4e7168ea3db2952566e44c3d6aeba02c81baab47549f76a51a1cc43
                                                                • Instruction Fuzzy Hash: A4413872904209BACF04EBE4CF86EEFB7B8AF55340F104429F60576092EB656F49CB61
                                                                APIs
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A907A2
                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A907BE
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A907DA
                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A90804
                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A9082C
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A90837
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A9083C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                • API String ID: 323675364-22481851
                                                                • Opcode ID: 70b5020873bad62e022f1236e3ebe0fc53add84e8e21004cd77c21c1ee7a4c85
                                                                • Instruction ID: d149678c219d6df8389a6e96b11c553a5461a599a59f0a0d0a043b763da2cdf3
                                                                • Opcode Fuzzy Hash: 70b5020873bad62e022f1236e3ebe0fc53add84e8e21004cd77c21c1ee7a4c85
                                                                • Instruction Fuzzy Hash: 34411572D10229AFCF15EBA4DD85DEEB7B8BF44350F058129F905A7160EB709E04CBA0
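                                                                The function entries above list each call as `Name.MODULE(args), ref: address` with the arguments left as raw hex, so the constants that matter for triage (virtual-key codes, registry hives and access masks, window messages) have to be decoded by hand. The Python below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses lines in that format, decodes the constants from their Windows SDK values (0xA0/0xA1/0x11/0x12/0x5B are VK_LSHIFT/VK_RSHIFT/VK_CONTROL/VK_MENU/VK_LWIN, 0x80000002 is HKEY_LOCAL_MACHINE, 0x20019 is KEY_READ, 0xF5 is BM_CLICK), and derives two findings from the key-state and remote-registry entries: the key-state routine polls only modifier keys, and the registry routine reaches HKEY_LOCAL_MACHINE on a remote host after WNetAddConnection2W sets up the session. The sample input is constructed from lines of the entries above; the line format, the constant tables and the function names `parse_entries`, `decode` and `triage` are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: "APIs" lines copied from three function entries in the
# report above (a dialog auto-click routine, the key-state routine and the
# remote-registry routine). Bullet markers and indentation are kept as-is.
SAMPLE_ENTRIES = r"""
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A9E727
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A9E754
• GetKeyboardState.USER32(?), ref: 00A9A012
• SetKeyboardState.USER32(?), ref: 00A9A07D
• GetAsyncKeyState.USER32(000000A0), ref: 00A9A09D
• GetKeyState.USER32(000000A0), ref: 00A9A0B4
• GetAsyncKeyState.USER32(000000A1), ref: 00A9A0E3
• GetAsyncKeyState.USER32(00000011), ref: 00A9A120
• GetAsyncKeyState.USER32(00000012), ref: 00A9A157
• GetAsyncKeyState.USER32(0000005B), ref: 00A9A18E
  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A907A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A907BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A907DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A90804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A9082C
"""

# Assumed line format: "• Name.MODULE(arg,arg,...), ref: ADDR"; the argument
# list and the comma are optional (see the _wcslen line), and subcall lines
# carry a "Part of subcall function X:" prefix.
ENTRY_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<parent>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

# Windows SDK values for the constants seen in these entries.
VK_MODIFIERS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
                0x5B: "VK_LWIN", 0x5C: "VK_RWIN", 0xA0: "VK_LSHIFT",
                0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL",
                0xA4: "VK_LMENU", 0xA5: "VK_RMENU"}
MSG_NAMES = {0x10: "WM_CLOSE", 0xF5: "BM_CLICK", 0x173: "STM_GETIMAGE"}
HKEYS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
REG_SAM = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    parent: Optional[str] = None  # set for "Part of subcall function X" lines


def _hex(arg: str) -> Optional[int]:
    """Hex argument as int; '?' and string arguments (BUTTON, paths) give None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def parse_entries(text: str) -> List[ApiCall]:
    """Parse the bullet lines of a function's APIs section; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             m.group("ref"), m.group("parent")))
    return calls


def decode(call: ApiCall) -> str:
    """Name the constant that matters for triage in this call, or '' if none."""
    def arg(i: int) -> Optional[int]:
        return _hex(call.args[i]) if len(call.args) > i else None
    if call.name in ("GetAsyncKeyState", "GetKeyState"):
        v = arg(0)
        return "" if v is None else VK_MODIFIERS.get(v, f"VK_0x{v:02X}")
    if call.name == "SendMessageW":
        m = arg(1)
        return "" if m is None else MSG_NAMES.get(m, f"msg_0x{m:04X}")
    if call.name == "RegConnectRegistryW":
        h = arg(1)
        return "" if h is None else HKEYS.get(h, f"hkey_0x{h:08X}")
    if call.name == "RegOpenKeyExW":
        s = arg(3)
        return "" if s is None else REG_SAM.get(s, f"sam_0x{s:X}")
    return ""


def triage(calls: List[ApiCall]) -> dict:
    """Summarise the two behaviours these entries evidence, with decoded constants."""
    findings = {}
    polled = sorted({decode(c) for c in calls
                     if c.name in ("GetAsyncKeyState", "GetKeyState") and decode(c)})
    if polled:
        # Modifier-only polling is what keystroke-simulation code checks before
        # sending input; capture of typed content would sweep the full VK range.
        findings["key_state_polling"] = {
            "keys": polled,
            "modifiers_only": all(k in VK_MODIFIERS.values() for k in polled),
        }
    names = {c.name for c in calls}
    if "RegConnectRegistryW" in names:
        hive = next(decode(c) for c in calls if c.name == "RegConnectRegistryW")
        findings["remote_registry"] = {
            "hive": hive,
            # WNetAddConnection2W before it: a session to the remote host (the
            # \IPC$ share in this entry's strings) so the remote registry is reachable.
            "via_smb_session": "WNetAddConnection2W" in names,
            "paths": sorted({a for c in calls if c.module == "ADVAPI32"
                             for a in c.args if "\\" in a}),
        }
    return findings


if __name__ == "__main__":
    calls = parse_entries(SAMPLE_ENTRIES)
    for c in calls:
        note = decode(c)
        print(f"{c.ref}  {c.name}.{c.module}({', '.join(c.args)})"
              + (f"  -> {note}" if note else ""))
    print(triage(calls))
```

Run stand-alone it prints each call with its decoded constant and the two findings; to triage another function from the report, paste that function's APIs lines in place of the sample and extend the constant tables for whatever API it calls.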
                                                                APIs
                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00AC403B
                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00AC4042
                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00AC4055
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00AC405D
                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00AC4068
                                                                • DeleteDC.GDI32(00000000), ref: 00AC4072
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00AC407C
                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00AC4092
                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00AC409E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                • String ID: static
                                                                • API String ID: 2559357485-2160076837
                                                                • Opcode ID: 7c1e16aca52a064bacd355a25d9f35f8c0ff3929d749f7b3e3b2284888b8bf9f
                                                                • Instruction ID: b84f99c9471700b0c0867b5a606d13bb666c196be317d705547f3fa2e58d69bd
                                                                • Opcode Fuzzy Hash: 7c1e16aca52a064bacd355a25d9f35f8c0ff3929d749f7b3e3b2284888b8bf9f
                                                                • Instruction Fuzzy Hash: ED315C32541219BBDF219FA4CC49FDA3BA8FF0D320F120215FA19A61A0C775D811DB94
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00AB3C5C
                                                                • CoInitialize.OLE32(00000000), ref: 00AB3C8A
                                                                • CoUninitialize.OLE32 ref: 00AB3C94
                                                                • _wcslen.LIBCMT ref: 00AB3D2D
                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00AB3DB1
                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00AB3ED5
                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00AB3F0E
                                                                • CoGetObject.OLE32(?,00000000,00ACFB98,?), ref: 00AB3F2D
                                                                • SetErrorMode.KERNEL32(00000000), ref: 00AB3F40
                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00AB3FC4
                                                                • VariantClear.OLEAUT32(?), ref: 00AB3FD8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                • String ID:
                                                                • API String ID: 429561992-0
                                                                • Opcode ID: 60c49094e5c93133fdb9cfa33cd76424e9411c3e24a4c77691f844ec15f7197e
                                                                • Instruction ID: 3c4671c112d1b3e4883d38c75061d409a1b435d4f2bdd817de792a7c7eb6f575
                                                                • Opcode Fuzzy Hash: 60c49094e5c93133fdb9cfa33cd76424e9411c3e24a4c77691f844ec15f7197e
                                                                • Instruction Fuzzy Hash: 0CC147726083059FCB00DF68C98496BBBE9FF89744F14491DF98A9B212DB31EE05CB52
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 00AA7AF3
                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00AA7B8F
                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00AA7BA3
                                                                • CoCreateInstance.OLE32(00ACFD08,00000000,00000001,00AF6E6C,?), ref: 00AA7BEF
                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00AA7C74
                                                                • CoTaskMemFree.OLE32(?,?), ref: 00AA7CCC
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00AA7D57
                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00AA7D7A
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00AA7D81
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00AA7DD6
                                                                • CoUninitialize.OLE32 ref: 00AA7DDC
                                                                Similarity
                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                • String ID:
                                                                • API String ID: 2762341140-0
                                                                • Opcode ID: 3cf34af62ee61f74eb29465316dd5f440c31c16e48d5e77c23868085e20ff1a3
                                                                • Instruction ID: 32de1eac0a4fec0c861bd6cfaa1f93f0c3211dad0ccbf56c3691445751e261ec
                                                                • Opcode Fuzzy Hash: 3cf34af62ee61f74eb29465316dd5f440c31c16e48d5e77c23868085e20ff1a3
                                                                • Instruction Fuzzy Hash: 8AC11B75A04209AFCB14DFA4C984DAEBBF9FF49314F148499F81A9B261D730ED45CB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00AC5504
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AC5515
                                                                • CharNextW.USER32(00000158), ref: 00AC5544
                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00AC5585
                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00AC559B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AC55AC
                                                                Similarity
                                                                • API ID: MessageSend$CharNext
                                                                • String ID:
                                                                • API String ID: 1350042424-0
                                                                • Opcode ID: 80830d40721e3dbadbe7204db1846fdf39c2d09b2bf4cec4e9ee7141dafe9c87
                                                                • Instruction ID: 390708842b042ec51289c1a5a087760735ed08d66adba1cfacd083105bf29cc1
                                                                • Opcode Fuzzy Hash: 80830d40721e3dbadbe7204db1846fdf39c2d09b2bf4cec4e9ee7141dafe9c87
                                                                • Instruction Fuzzy Hash: 96617E30D00608AFDF14CFA4CD84EFE7BB9EB05720F128549F525AA291D774AAC1DB60
                                                                APIs
                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A8FAAF
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00A8FB08
                                                                • VariantInit.OLEAUT32(?), ref: 00A8FB1A
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00A8FB3A
                                                                • VariantCopy.OLEAUT32(?,?), ref: 00A8FB8D
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00A8FBA1
                                                                • VariantClear.OLEAUT32(?), ref: 00A8FBB6
                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00A8FBC3
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A8FBCC
                                                                • VariantClear.OLEAUT32(?), ref: 00A8FBDE
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A8FBE9
                                                                Similarity
                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                • String ID:
                                                                • API String ID: 2706829360-0
                                                                • Opcode ID: 3c8ed0bc1b3d1118b2084cb8cb1d344789b2f3422870c7f3bb964fd9820ea0eb
                                                                • Instruction ID: 2f800c84fd1dde3444496dde0ba770c588461bc664afe06968f45dcfac4b5041
                                                                • Opcode Fuzzy Hash: 3c8ed0bc1b3d1118b2084cb8cb1d344789b2f3422870c7f3bb964fd9820ea0eb
                                                                • Instruction Fuzzy Hash: AF413235A0021ADFCF04EFA8D958DADBBB9FF48354F018065F956A7261DB30A946CF90
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 00A99CA1
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00A99D22
                                                                • GetKeyState.USER32(000000A0), ref: 00A99D3D
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00A99D57
                                                                • GetKeyState.USER32(000000A1), ref: 00A99D6C
                                                                • GetAsyncKeyState.USER32(00000011), ref: 00A99D84
                                                                • GetKeyState.USER32(00000011), ref: 00A99D96
                                                                • GetAsyncKeyState.USER32(00000012), ref: 00A99DAE
                                                                • GetKeyState.USER32(00000012), ref: 00A99DC0
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00A99DD8
                                                                • GetKeyState.USER32(0000005B), ref: 00A99DEA
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                • Opcode ID: cee675aa4a0a4211ae95f6800b1daca8711cb0b35280d0d3c53f36ff543a2326
                                                                • Instruction ID: 21a428a93b53e1c6b019c47abe3e97bc4cc6b0178d27abb81543b8894050804a
                                                                • Opcode Fuzzy Hash: cee675aa4a0a4211ae95f6800b1daca8711cb0b35280d0d3c53f36ff543a2326
                                                                • Instruction Fuzzy Hash: A541A6347047C97DFF3197A888447B7BEE06F12354F08805EDAC65A5C2EBA599C8C7A2
                                                                APIs
                                                                • WSAStartup.WSOCK32(00000101,?), ref: 00AB05BC
                                                                • inet_addr.WSOCK32(?), ref: 00AB061C
                                                                • gethostbyname.WSOCK32(?), ref: 00AB0628
                                                                • IcmpCreateFile.IPHLPAPI ref: 00AB0636
                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00AB06C6
                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00AB06E5
                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 00AB07B9
                                                                • WSACleanup.WSOCK32 ref: 00AB07BF
                                                                Strings
                                                                Similarity
                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                • String ID: Ping
                                                                • API String ID: 1028309954-2246546115
                                                                • Opcode ID: 3cfc63377ec18a1d1690b94a229d9a68406ac9f40adb49341a2bcfbec87a773f
                                                                • Instruction ID: 2dbfb28a1fd0b00318501770042fd145e737dfcaff2d79ab144f2fc4276bd9d8
                                                                • Opcode Fuzzy Hash: 3cfc63377ec18a1d1690b94a229d9a68406ac9f40adb49341a2bcfbec87a773f
                                                                • Instruction Fuzzy Hash: 69919D356046019FD720CF15C988F5BBBE8EF84318F1585A9F46A8B6A2CB70EC81CF91
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharLower
                                                                • String ID: cdecl$none$stdcall$winapi
                                                                • API String ID: 707087890-567219261
                                                                • Opcode ID: 1b0601c8073d2535a4e8d16f07b2ad27ab971992b323eac077755cbb57953e4d
                                                                • Instruction ID: 4f4009614954e0686bbb4efd125d38bc12e7386a2810bbd88f5e53da7a1a61fb
                                                                • Opcode Fuzzy Hash: 1b0601c8073d2535a4e8d16f07b2ad27ab971992b323eac077755cbb57953e4d
                                                                • Instruction Fuzzy Hash: F3519131A041169BCF14DF6CC9519FEB7ADBF64724B20422AF926E7286DB39DD40C790
                                                                APIs
                                                                • CoInitialize.OLE32 ref: 00AB3774
                                                                • CoUninitialize.OLE32 ref: 00AB377F
                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00ACFB78,?), ref: 00AB37D9
                                                                • IIDFromString.OLE32(?,?), ref: 00AB384C
                                                                • VariantInit.OLEAUT32(?), ref: 00AB38E4
                                                                • VariantClear.OLEAUT32(?), ref: 00AB3936
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                • API String ID: 636576611-1287834457
                                                                • Opcode ID: 2b2317509830027d59e5f37824d73679ec7f55717115f15e2b82d782406f71b3
                                                                • Instruction ID: 2c06cca4356f4f2fde85dc5e24e2ed7762dfaa988d473cc1df286e6be7408f00
                                                                • Opcode Fuzzy Hash: 2b2317509830027d59e5f37824d73679ec7f55717115f15e2b82d782406f71b3
                                                                • Instruction Fuzzy Hash: E8619372608311AFDB10DF94C949FAAB7E8EF45710F10481DF58597292D770EE49CB92
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AA33CF
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00AA33F0
                                                                Strings
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-3080491070
                                                                • Opcode ID: ad9018d7228de50431eef3c837fa430e23f3452ffbd3b539e460c48d7814bdc3
                                                                • Instruction ID: 0a001ef06b8eaa8eb7df581583c98f2c5f418ac7335da19ff83f07df971cc0dd
                                                                • Opcode Fuzzy Hash: ad9018d7228de50431eef3c837fa430e23f3452ffbd3b539e460c48d7814bdc3
                                                                • Instruction Fuzzy Hash: CA518D72940209BADF15EBE4CE46EEEB7B8AF14340F108465F505730A2EB712F58DB61
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                • API String ID: 1256254125-769500911
                                                                • Opcode ID: b92e8e07ef8314885e787a638ba985278fce98de08eab4a9750abfa735751f24
                                                                • Instruction ID: ffdee7bbd765c0452fe8bf7b0bd62cfb7b25d5809358e18ec22c4bfdcba72a92
                                                                • Opcode Fuzzy Hash: b92e8e07ef8314885e787a638ba985278fce98de08eab4a9750abfa735751f24
                                                                • Instruction Fuzzy Hash: B241E632B110269BCF106FBD9E905BE77F5BFA0754B244629E621DB284E731ED81C7A0
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AA53A0
                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00AA5416
                                                                • GetLastError.KERNEL32 ref: 00AA5420
                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00AA54A7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                • API String ID: 4194297153-14809454
                                                                • Opcode ID: 692bc799464914acaab98666fa0e614bab054d30d582ebcef52b9b7279fe3f05
                                                                • Instruction ID: 5f3e559fb32434546080149323743ca86eff0a60b06aa2c1deb7e14e1aca8931
                                                                • Opcode Fuzzy Hash: 692bc799464914acaab98666fa0e614bab054d30d582ebcef52b9b7279fe3f05
                                                                • Instruction Fuzzy Hash: FF31B035E006089FDB10DFB8C584EAABBB5EF5A305F188069F506DB292D771DD86CB90
                                                                APIs
                                                                • CreateMenu.USER32 ref: 00AC3C79
                                                                • SetMenu.USER32(?,00000000), ref: 00AC3C88
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AC3D10
                                                                • IsMenu.USER32(?), ref: 00AC3D24
                                                                • CreatePopupMenu.USER32 ref: 00AC3D2E
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AC3D5B
                                                                • DrawMenuBar.USER32 ref: 00AC3D63
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                • String ID: 0$F
                                                                • API String ID: 161812096-3044882817
                                                                • Opcode ID: 93b41e838e847ff993d87304c65c8f508e59e7dea9cc004716cb107e255705f9
                                                                • Instruction ID: e4cdf9fe3cea39e5a3772a681bbb638d1a46ed850ca1e35bff3d666d6c8ad3eb
                                                                • Opcode Fuzzy Hash: 93b41e838e847ff993d87304c65c8f508e59e7dea9cc004716cb107e255705f9
                                                                • Instruction Fuzzy Hash: 9041367AA01209EFDF14CFA4D844FAA7BB5FF49350F15442DE94AA7360D730AA11CB94
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A91F64
                                                                • GetDlgCtrlID.USER32 ref: 00A91F6F
                                                                • GetParent.USER32 ref: 00A91F8B
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A91F8E
                                                                • GetDlgCtrlID.USER32(?), ref: 00A91F97
                                                                • GetParent.USER32(?), ref: 00A91FAB
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A91FAE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                • Opcode ID: 841a0e47f5704581dbd0088bfceaf1827ac425ca771e6081ea4489810e613fd0
                                                                • Instruction ID: 8e87ba2ad7146b7410e6599c8dab3e283a2db6ccb37dfbd741ca46583e60bbbb
                                                                • Opcode Fuzzy Hash: 841a0e47f5704581dbd0088bfceaf1827ac425ca771e6081ea4489810e613fd0
                                                                • Instruction Fuzzy Hash: F321BE75A00218BBCF05EFA0CD85DFEBBB8EF05310F001516F965A72A1DB795909DB60
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A92043
                                                                • GetDlgCtrlID.USER32 ref: 00A9204E
                                                                • GetParent.USER32 ref: 00A9206A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A9206D
                                                                • GetDlgCtrlID.USER32(?), ref: 00A92076
                                                                • GetParent.USER32(?), ref: 00A9208A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A9208D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                • Opcode ID: 7edecb23c14deca777a3340131f9c21a47bcf79377b0fb8a89e6a4133a2989fb
                                                                • Instruction ID: 2e07370325a448555a225f4af2a3a50cb04e9e3ff8445ab2ccce06dd0b123f34
                                                                • Opcode Fuzzy Hash: 7edecb23c14deca777a3340131f9c21a47bcf79377b0fb8a89e6a4133a2989fb
                                                                • Instruction Fuzzy Hash: 0121A175E40218BBCF10EFA0CD85EFEBBB8EF05350F005415F955A72A1DA794919DB60
                                                                APIs
                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AC3A9D
                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AC3AA0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC3AC7
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AC3AEA
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AC3B62
                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00AC3BAC
                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00AC3BC7
                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00AC3BE2
                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00AC3BF6
                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00AC3C13
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$LongWindow
                                                                • String ID:
                                                                • API String ID: 312131281-0
                                                                • Opcode ID: 1c653302f69f1b3534668667f414bfff7adeee239dec7e4884febafed78213f1
                                                                • Instruction ID: 52e63af85163942b8a0c207f1ea79d7a29df1da9fb5466381fbd27324aa7e414
                                                                • Opcode Fuzzy Hash: 1c653302f69f1b3534668667f414bfff7adeee239dec7e4884febafed78213f1
                                                                • Instruction Fuzzy Hash: 95616875A00208AFDB10DFA8CD81FEE77B8EB09710F114199FA15AB2A1D774AE46DB50
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 00A9B151
                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B165
                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 00A9B16C
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B17B
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A9B18D
                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B1A6
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B1B8
                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B1FD
                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B212
                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B21D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                • String ID:
                                                                • API String ID: 2156557900-0
                                                                • Opcode ID: 6ff4bd46d644ae353e5a5c0e5522bf4e39442de73b7e22574a6c976643151e95
                                                                • Instruction ID: 3795afba72d5d0b3b6d20cefa223ec2cf253ec0b39eceaf92bc8bfbdc82bb881
                                                                • Opcode Fuzzy Hash: 6ff4bd46d644ae353e5a5c0e5522bf4e39442de73b7e22574a6c976643151e95
                                                                • Instruction Fuzzy Hash: E5317C75610204AFDF10DF64EE98FA97BEDEB61721F114105FA05D71A0EBB4AA428F70
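The function records in this export are flat text, so questions that span records (which functions combine a given set of calls, which strings each one references) are easier to answer from parsed records than by reading the list. What follows is an added Python example, not Joe Sandbox code and not part of the report: it parses the "APIs" and "Similarity" blocks in the layout shown on this page into one record per function and searches them for a chosen API set. The FOCUS_STEAL_APIS set is this example's own analyst heuristic, and SAMPLE_REPORT is a constructed input made of two records copied from this page and trimmed to the lines the parser uses.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# One API line of a Joe Sandbox function record, in the three shapes seen in this report:
#   • SetErrorMode.KERNEL32(00000001), ref: 00AA53A0
#   • GetCurrentThreadId.KERNEL32 ref: 00A9B151
#   • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
API_RE = re.compile(
    r"^•\s+(?:Part of subcall function (?P<sub>[0-9A-F]+):\s+)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)$"
)
# A "• Key: value" line of the Similarity block (API ID, String ID, Opcode ID, ...).
FIELD_RE = re.compile(r"^•\s+(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                          # address of the call site inside the dump
    subcall_of: Optional[str] = None  # set when the call belongs to a callee, not this function


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    def api_names(self) -> Set[str]:
        """APIs called directly by this function (subcall entries excluded)."""
        return {a.name for a in self.apis if a.subcall_of is None}


def parse_records(text: str) -> List[FunctionRecord]:
    """Split the exported report text into one FunctionRecord per 'APIs' block."""
    records: List[FunctionRecord] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                  # every function record starts here
            records.append(FunctionRecord())
            section = "APIs"
        elif line in SECTION_HEADERS:
            section = line
        elif not line or not records:
            continue
        elif section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a for a in (m["args"] or "").split(",") if a]
                records[-1].apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
        elif section == "Similarity":
            m = FIELD_RE.match(line)
            if m:
                records[-1].fields[m["key"]] = m["val"]
                # The Strings section is rendered empty in this export, so the referenced
                # strings are recovered from the '$'-joined String ID instead.
                if m["key"] == "String ID":
                    records[-1].strings = [s for s in m["val"].split("$") if s]
    return records


def find_functions_with(records: List[FunctionRecord], required: Set[str]) -> List[str]:
    """Opcode IDs of functions whose direct API set covers every name in `required`."""
    return [r.fields.get("Opcode ID", "") for r in records if set(required) <= r.api_names()]


# Analyst heuristic (an assumption of this example, not a Joe Sandbox signature): a function
# that looks up the foreground window's thread and attaches its own input queue to it.
FOCUS_STEAL_APIS = {"GetForegroundWindow", "GetWindowThreadProcessId", "AttachThreadInput"}

# Constructed sample: two records copied from this report, trimmed to the lines the parser uses.
SAMPLE_REPORT = """\
APIs
  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A91F64
• GetDlgCtrlID.USER32 ref: 00A91F6F
• GetParent.USER32 ref: 00A91F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A91F8E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 841a0e47f5704581dbd0088bfceaf1827ac425ca771e6081ea4489810e613fd0
APIs
• GetCurrentThreadId.KERNEL32 ref: 00A9B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B165
• GetWindowThreadProcessId.USER32(00000000), ref: 00A9B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B17B
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A9A1E1,?,00000001), ref: 00A9B21D
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• Opcode ID: 6ff4bd46d644ae353e5a5c0e5522bf4e39442de73b7e22574a6c976643151e95
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    for rec in recs:
        print(rec.fields.get("Opcode ID", "")[:16], sorted(rec.api_names()), rec.strings)
    print("focus-steal candidates:", find_functions_with(recs, FOCUS_STEAL_APIS))
```

The "Part of subcall function" entries are kept on the record but left out of api_names(), because they describe a callee; matching on them would attribute one helper's behaviour to every function that calls it. A hit on FOCUS_STEAL_APIS is a triage lead, not a verdict: the GetForegroundWindow / GetWindowThreadProcessId / AttachThreadInput chain is used by ordinary window-activation code as well as by input capture, so read it together with the record's strings and the call sites (the ref addresses) before drawing a conclusion.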
                                                                APIs
                                                                • _free.LIBCMT ref: 00A62C94
                                                                  • Part of subcall function 00A629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000), ref: 00A629DE
                                                                  • Part of subcall function 00A629C8: GetLastError.KERNEL32(00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000,00000000), ref: 00A629F0
                                                                • _free.LIBCMT ref: 00A62CA0
                                                                • _free.LIBCMT ref: 00A62CAB
                                                                • _free.LIBCMT ref: 00A62CB6
                                                                • _free.LIBCMT ref: 00A62CC1
                                                                • _free.LIBCMT ref: 00A62CCC
                                                                • _free.LIBCMT ref: 00A62CD7
                                                                • _free.LIBCMT ref: 00A62CE2
                                                                • _free.LIBCMT ref: 00A62CED
                                                                • _free.LIBCMT ref: 00A62CFB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: 41d9efa1fb17b2421c681dc2cedb7b1681f1d6de8f23539b18c3c6d09f840700
                                                                • Instruction ID: 770998f282e1d5cd3e4e4c8591b9df1ecef0ee2777e791fbbbb2d1648568833c
                                                                • Opcode Fuzzy Hash: 41d9efa1fb17b2421c681dc2cedb7b1681f1d6de8f23539b18c3c6d09f840700
                                                                • Instruction Fuzzy Hash: 9111A476600508BFCB06EF54DA82EDD3BB5FF85390F4144A5FA489F222DA31EE509B90
                                                                APIs
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AA7FAD
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA7FC1
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00AA7FEB
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00AA8005
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA8017
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA8060
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AA80B0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory$AttributesFile
                                                                • String ID: *.*
                                                                • API String ID: 769691225-438819550
                                                                • Opcode ID: 35b2e889d2144af33ba7dc803968fe9bceec567025b6fd13d4b8561ad204055c
                                                                • Instruction ID: 581361e1921bcdcc613b64ce617d62497e7157a24ace2be0d2e008e4a37bb6ae
                                                                • Opcode Fuzzy Hash: 35b2e889d2144af33ba7dc803968fe9bceec567025b6fd13d4b8561ad204055c
                                                                • Instruction Fuzzy Hash: 83819D725083419BCB30EF14C9449AFB3E8BF8A310F544C6AF889D7291EB35DD498B92
                                                                APIs
                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00A35C7A
                                                                  • Part of subcall function 00A35D0A: GetClientRect.USER32(?,?), ref: 00A35D30
                                                                  • Part of subcall function 00A35D0A: GetWindowRect.USER32(?,?), ref: 00A35D71
                                                                  • Part of subcall function 00A35D0A: ScreenToClient.USER32(?,?), ref: 00A35D99
                                                                • GetDC.USER32 ref: 00A746F5
                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A74708
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A74716
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A7472B
                                                                • ReleaseDC.USER32(?,00000000), ref: 00A74733
                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A747C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                • String ID: U
                                                                • API String ID: 4009187628-3372436214
                                                                • Opcode ID: 43999d9dabfedd73d1c6f194cff73eb8e9bfa169513ee1a123cd613355d3f2c7
                                                                • Instruction ID: aa4bf37a79d9d7d34ade0ec6dc61e8b0fc1be3fec5b94ee97978370657d2b9c6
                                                                • Opcode Fuzzy Hash: 43999d9dabfedd73d1c6f194cff73eb8e9bfa169513ee1a123cd613355d3f2c7
                                                                • Instruction Fuzzy Hash: 0971DF30900205DFCF2ACF68CD85ABA7BB5FF4A364F18C269F9595A166C7319841DF50
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00AA35E4
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • LoadStringW.USER32(00B02390,?,00000FFF,?), ref: 00AA360A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-2391861430
                                                                • Opcode ID: 2fc6a8a90677a1b7d8b8618cb446906d53d01f0e675df99e50994774a03b789a
                                                                • Instruction ID: ca243f3e0d14a52228dad5474dcf9d344683828c53eb779dda1a56f9b0c11129
                                                                • Opcode Fuzzy Hash: 2fc6a8a90677a1b7d8b8618cb446906d53d01f0e675df99e50994774a03b789a
                                                                • Instruction Fuzzy Hash: BD515972904209BBCF15EBE0CE42EEEBB78AF15300F144129F105771A1EB712A99DFA1
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                  • Part of subcall function 00A4912D: GetCursorPos.USER32(?), ref: 00A49141
                                                                  • Part of subcall function 00A4912D: ScreenToClient.USER32(00000000,?), ref: 00A4915E
                                                                  • Part of subcall function 00A4912D: GetAsyncKeyState.USER32(00000001), ref: 00A49183
                                                                  • Part of subcall function 00A4912D: GetAsyncKeyState.USER32(00000002), ref: 00A4919D
                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00AC8B6B
                                                                • ImageList_EndDrag.COMCTL32 ref: 00AC8B71
                                                                • ReleaseCapture.USER32 ref: 00AC8B77
                                                                • SetWindowTextW.USER32(?,00000000), ref: 00AC8C12
                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00AC8C25
                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00AC8CFF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                • API String ID: 1924731296-2107944366
                                                                • Opcode ID: d9ef481f2273fa4009beb18de465d662358317ee77c0692b5d7402f5418bac8e
                                                                • Instruction ID: e735d40a9164b034ca654166aae4598577001ac30e84b05716d2e83a32215acd
                                                                • Opcode Fuzzy Hash: d9ef481f2273fa4009beb18de465d662358317ee77c0692b5d7402f5418bac8e
                                                                • Instruction Fuzzy Hash: 5C518971108304AFD704EF24DD96FAA77E4FB88714F000A2DF996A72E1CB74A945CB62
                                                                APIs
                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AAC272
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AAC29A
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AAC2CA
                                                                • GetLastError.KERNEL32 ref: 00AAC322
                                                                • SetEvent.KERNEL32(?), ref: 00AAC336
                                                                • InternetCloseHandle.WININET(00000000), ref: 00AAC341
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                • String ID:
                                                                • API String ID: 3113390036-3916222277
                                                                • Opcode ID: f8e580db35d733131392856b9653f3ba371c383bbfb45f67c0a5f2124c3ed05b
                                                                • Instruction ID: 8ba1c375dc5d5f0f2fb0dbcfa0d59dd6c1cfd6ba50b160c72d86a470ba979d85
                                                                • Opcode Fuzzy Hash: f8e580db35d733131392856b9653f3ba371c383bbfb45f67c0a5f2124c3ed05b
                                                                • Instruction Fuzzy Hash: D5316F71500304AFEB21DFA48988AABBAFCEB4A764F14851DF44A97280DB34DD059B70
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A73AAF,?,?,Bad directive syntax error,00ACCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00A998BC
                                                                • LoadStringW.USER32(00000000,?,00A73AAF,?), ref: 00A998C3
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A99987
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                • API String ID: 858772685-4153970271
                                                                • Opcode ID: 1c2cb64532e47521a84e7afb0ab747d1383e01ebebf7f1e5fed1739bb8fa55c0
                                                                • Instruction ID: 18408a541649caf8cfd12e65fb30e5fd4dffd78b79e4f7c36615a753b385c1e7
                                                                • Opcode Fuzzy Hash: 1c2cb64532e47521a84e7afb0ab747d1383e01ebebf7f1e5fed1739bb8fa55c0
                                                                • Instruction Fuzzy Hash: 17215A3294421EBBCF15AFD0CD0AEEE7779FF18300F044869F619660A2EB719A18DB51
                                                                APIs
                                                                • GetParent.USER32 ref: 00A920AB
                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00A920C0
                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A9214D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameParentSend
                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                • API String ID: 1290815626-3381328864
                                                                • Opcode ID: cab6bda6bfab5d67e1aa82b99f5755a8a1da75f4379ec917483b66679637c08f
                                                                • Instruction ID: 7b333167e82645af323981c3d8774e75de045366a78563b0ad24b056232d8600
                                                                • Opcode Fuzzy Hash: cab6bda6bfab5d67e1aa82b99f5755a8a1da75f4379ec917483b66679637c08f
                                                                • Instruction Fuzzy Hash: 6311E37AB8870ABAFA016374EC0AEB637DCEB08369B300216FB04A50D1FA7168565714
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1df407c20e6cb4052a1751fc4673747c48205a0588d30b4405e90e72423fc97d
                                                                • Instruction ID: c8ce876f4bdb2b7fd44285ad5c367dd924484f25978f8d63c93df05b417e4831
                                                                • Opcode Fuzzy Hash: 1df407c20e6cb4052a1751fc4673747c48205a0588d30b4405e90e72423fc97d
                                                                • Instruction Fuzzy Hash: F1C1F3B4E04249AFDF11DFA8D841BEEBBB8BF19310F054199E915A7392CB349941CB61
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                • String ID:
                                                                • API String ID: 1282221369-0
                                                                • Opcode ID: 948dcd47e6044687e5bb658e7739807bf4b1f6cc5e3b04c791afe5152b3b4c49
                                                                • Instruction ID: 65bf05cc64b66ba2180d436c1fb43f331a9d4da6789c7a0021dd27f832d06232
                                                                • Opcode Fuzzy Hash: 948dcd47e6044687e5bb658e7739807bf4b1f6cc5e3b04c791afe5152b3b4c49
                                                                • Instruction Fuzzy Hash: 20614B71A04701AFDF25AFB89D81B7D7BB5EF05370F05426DF98597281DA329D0187A0
                                                                APIs
                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00AC5186
                                                                • ShowWindow.USER32(?,00000000), ref: 00AC51C7
                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 00AC51CD
                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00AC51D1
                                                                  • Part of subcall function 00AC6FBA: DeleteObject.GDI32(00000000), ref: 00AC6FE6
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC520D
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AC521A
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00AC524D
                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00AC5287
                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00AC5296
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                • String ID:
                                                                • API String ID: 3210457359-0
                                                                • Opcode ID: 953aef6ea0393b35351792d9cc696cbe3af131ea41bfa9ca238a0a3080024878
                                                                • Instruction ID: 9097f1501c915497630a53cdae91c5f968c356a80ac47961d1899b719a499408
                                                                • Opcode Fuzzy Hash: 953aef6ea0393b35351792d9cc696cbe3af131ea41bfa9ca238a0a3080024878
                                                                • Instruction Fuzzy Hash: 2851CE30E40A08BEEF20AF74CC4AFD97BA5EB04320F5A4209F619962E0C775B9D0DB40
                                                                APIs
                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A86890
                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A868A9
                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A868B9
                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A868D1
                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A868F2
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A48874,00000000,00000000,00000000,000000FF,00000000), ref: 00A86901
                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A8691E
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A48874,00000000,00000000,00000000,000000FF,00000000), ref: 00A8692D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                • String ID:
                                                                • API String ID: 1268354404-0
                                                                • Opcode ID: 9aeedb1398ee469332faa5ead575b16777fed540ec8b25b6b4c8ce50f83c5f8b
                                                                • Instruction ID: 8008f707903a23b78cdf09553638678e316de300b0af05c89275d2bc0d0cbdae
                                                                • Opcode Fuzzy Hash: 9aeedb1398ee469332faa5ead575b16777fed540ec8b25b6b4c8ce50f83c5f8b
                                                                • Instruction Fuzzy Hash: 0A519A74A00209EFEB24DF28DC55FAE7BB5FB98760F104518F906972A0DB74E992DB40
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AAC182
                                                                • GetLastError.KERNEL32 ref: 00AAC195
                                                                • SetEvent.KERNEL32(?), ref: 00AAC1A9
                                                                  • Part of subcall function 00AAC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AAC272
                                                                  • Part of subcall function 00AAC253: GetLastError.KERNEL32 ref: 00AAC322
                                                                  • Part of subcall function 00AAC253: SetEvent.KERNEL32(?), ref: 00AAC336
                                                                  • Part of subcall function 00AAC253: InternetCloseHandle.WININET(00000000), ref: 00AAC341
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                • String ID:
                                                                • API String ID: 337547030-0
                                                                • Opcode ID: 0126d408a38e9e06b71e65226a8bb2ac3ec7996073a1b37e60ab1528ffe1cf31
                                                                • Instruction ID: 5afd35219ff8d07e9dbb772af140298f50169a04678bf9ab63ff9828aabd5507
                                                                • Opcode Fuzzy Hash: 0126d408a38e9e06b71e65226a8bb2ac3ec7996073a1b37e60ab1528ffe1cf31
                                                                • Instruction Fuzzy Hash: 1431BE71200705AFEB21AFE5DD04BA6BBF8FF1A320B04451EF95A87650D731E819DBA0
                                                                APIs
                                                                  • Part of subcall function 00A93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A93A57
                                                                  • Part of subcall function 00A93A3D: GetCurrentThreadId.KERNEL32 ref: 00A93A5E
                                                                  • Part of subcall function 00A93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A925B3), ref: 00A93A65
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A925BD
                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A925DB
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A925DF
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A925E9
                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A92601
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A92605
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A9260F
                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A92623
                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A92627
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                • String ID:
                                                                • API String ID: 2014098862-0
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A91449,?,?,00000000), ref: 00A9180C
                                                                • HeapAlloc.KERNEL32(00000000,?,00A91449,?,?,00000000), ref: 00A91813
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A91449,?,?,00000000), ref: 00A91828
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00A91449,?,?,00000000), ref: 00A91830
                                                                • DuplicateHandle.KERNEL32(00000000,?,00A91449,?,?,00000000), ref: 00A91833
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A91449,?,?,00000000), ref: 00A91843
                                                                • GetCurrentProcess.KERNEL32(00A91449,00000000,?,00A91449,?,?,00000000), ref: 00A9184B
                                                                • DuplicateHandle.KERNEL32(00000000,?,00A91449,?,?,00000000), ref: 00A9184E
                                                                • CreateThread.KERNEL32(00000000,00000000,00A91874,00000000,00000000,00000000), ref: 00A91868
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                • String ID:
                                                                • API String ID: 1957940570-0
                                                                APIs
                                                                  • Part of subcall function 00A9D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00A9D501
                                                                  • Part of subcall function 00A9D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00A9D50F
                                                                  • Part of subcall function 00A9D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00A9D5DC
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00ABA16D
                                                                • GetLastError.KERNEL32 ref: 00ABA180
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00ABA1B3
                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00ABA268
                                                                • GetLastError.KERNEL32(00000000), ref: 00ABA273
                                                                • CloseHandle.KERNEL32(00000000), ref: 00ABA2C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 1701285019-2896544425
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00AC3925
                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00AC393A
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00AC3954
                                                                • _wcslen.LIBCMT ref: 00AC3999
                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00AC39C6
                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00AC39F4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window_wcslen
                                                                • String ID: SysListView32
                                                                • API String ID: 2147712094-78025650
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A9BCFD
                                                                • IsMenu.USER32(00000000), ref: 00A9BD1D
                                                                • CreatePopupMenu.USER32 ref: 00A9BD53
                                                                • GetMenuItemCount.USER32(01066648), ref: 00A9BDA4
                                                                • InsertMenuItemW.USER32(01066648,?,00000001,00000030), ref: 00A9BDCC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                • String ID: 0$2
                                                                • API String ID: 93392585-3793063076
                                                                APIs
                                                                • LoadIconW.USER32(00000000,00007F03), ref: 00A9C913
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: IconLoad
                                                                • String ID: blank$info$question$stop$warning
                                                                • API String ID: 2457776203-404129466
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                • String ID: 0.0.0.0
                                                                • API String ID: 642191829-3771769585
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • GetSystemMetrics.USER32(0000000F), ref: 00AC9FC7
                                                                • GetSystemMetrics.USER32(0000000F), ref: 00AC9FE7
                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00ACA224
                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00ACA242
                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00ACA263
                                                                • ShowWindow.USER32(00000003,00000000), ref: 00ACA282
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00ACA2A7
                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 00ACA2CA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                • String ID:
                                                                • API String ID: 1211466189-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$LocalTime
                                                                • String ID:
                                                                • API String ID: 952045576-0
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A8682C,00000004,00000000,00000000), ref: 00A4F953
                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A8682C,00000004,00000000,00000000), ref: 00A8F3D1
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A8682C,00000004,00000000,00000000), ref: 00A8F454
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ShowWindow
                                                                • String ID:
                                                                • API String ID: 1268545403-0
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00AC2D1B
                                                                • GetDC.USER32(00000000), ref: 00AC2D23
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AC2D2E
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00AC2D3A
                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00AC2D76
                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AC2D87
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00AC5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00AC2DC2
                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00AC2DE1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                • String ID:
                                                                • API String ID: 3864802216-0
                                                                • Opcode ID: 41b69b95a32c4a0cc5df480f71e450d43fe25452ce1a8c4cee6800ddce9ca99a
                                                                • Instruction ID: bf90cf81034d4807f9535544cb3d8532fffc4317ebc091d390d6c37cef317ac6
                                                                • Opcode Fuzzy Hash: 41b69b95a32c4a0cc5df480f71e450d43fe25452ce1a8c4cee6800ddce9ca99a
                                                                • Instruction Fuzzy Hash: E231AE72201214BFEB118F54CC8AFEB3FADEF19721F094055FE099A291C6759C41CBA0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                • Opcode ID: 443e3be9bcc3f3c36dc90a41a3066eeae9926e2ef06b67046493914bdbb1c614
                                                                • Instruction ID: e8a3c1f0c57d39f73528b783342952236c6dbb01d0318ec294c102895ccb9348
                                                                • Opcode Fuzzy Hash: 443e3be9bcc3f3c36dc90a41a3066eeae9926e2ef06b67046493914bdbb1c614
                                                                • Instruction Fuzzy Hash: D72195B1F45A097B9A165A319E93FBA33DDBF20395F480424FE049A581F730EE1483A5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                • API String ID: 0-572801152
                                                                • Opcode ID: d69ab3493e8af0b652d39a9c50f7ddfc214515e7bb67f41b340869d5603e5c2d
                                                                • Instruction ID: a173d9e3bdfa1308aa7272089c4b9d59a9dcefc9ec334142debeed58dbeeb3a1
                                                                • Opcode Fuzzy Hash: d69ab3493e8af0b652d39a9c50f7ddfc214515e7bb67f41b340869d5603e5c2d
                                                                • Instruction Fuzzy Hash: 50D1BE71E0060AAFDF14DFA8D880BEEB7B9BF48354F148169E915AB282D771DD41CB90
                                                                APIs
                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A717FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A715CE
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A71651
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A717FB,?,00A717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A716E4
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A716FB
                                                                  • Part of subcall function 00A63820: RtlAllocateHeap.NTDLL(00000000,?,00B01444,?,00A4FDF5,?,?,00A3A976,00000010,00B01440,00A313FC,?,00A313C6,?,00A31129), ref: 00A63852
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A71777
                                                                • __freea.LIBCMT ref: 00A717A2
                                                                • __freea.LIBCMT ref: 00A717AE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                • String ID:
                                                                • API String ID: 2829977744-0
                                                                • Opcode ID: cf3fa6825a6f2a5e37d9caa3bc2cbfd724935f400fc38f8276600b3f5e7d5b7a
                                                                • Instruction ID: 6c0613e018feeecf84fa39cdb71598febd2203c0818f6a4597410d4b86a06f23
                                                                • Opcode Fuzzy Hash: cf3fa6825a6f2a5e37d9caa3bc2cbfd724935f400fc38f8276600b3f5e7d5b7a
                                                                • Instruction Fuzzy Hash: D3919372E002169EDB288FA9CD81EEEBBF5AF45710F18C659E809E7141E735DD41CBA0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearInit
                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                • API String ID: 2610073882-625585964
                                                                • Opcode ID: 56aefee5be0816a25b5d9e2abddd7ea3f361f2a07ba9c136cc742454caaf2dfa
                                                                • Instruction ID: 1bbab3b69818fd54f7d5f65b7a07b71d8bc775017fc0ebe9c86153a0112020e8
                                                                • Opcode Fuzzy Hash: 56aefee5be0816a25b5d9e2abddd7ea3f361f2a07ba9c136cc742454caaf2dfa
                                                                • Instruction Fuzzy Hash: 2A916F71A00219AFDF24CFA5C854FEEBBBCEF4A714F108559F505AB282DB709945CBA0
                                                                APIs
                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00AA125C
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00AA1284
                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00AA12A8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AA12D8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AA135F
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AA13C4
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AA1430
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                • String ID:
                                                                • API String ID: 2550207440-0
                                                                • Opcode ID: 25717c1082ed60706ab3807f520b4833799cead39e0e8b3c2fd6808da1e7bdbd
                                                                • Instruction ID: 121778303c362103a1e5f61ba7c817d64e346c4a7fa94ba3f5c823d9a5d3cfe0
                                                                • Opcode Fuzzy Hash: 25717c1082ed60706ab3807f520b4833799cead39e0e8b3c2fd6808da1e7bdbd
                                                                • Instruction Fuzzy Hash: 2591C075A00209AFDB00DFA8C885BBEB7B5FF46325F118029E951EB2D1D774E946CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                • Opcode ID: 093e41d4c88676a11f8bb195d4023c05cfe3873cdf19a0a0726a6e0fbc43f854
                                                                • Instruction ID: 672ed0a978cc8b4636a80e0953a2419bbe3d272f8beeba0f46d87504d22d11ae
                                                                • Opcode Fuzzy Hash: 093e41d4c88676a11f8bb195d4023c05cfe3873cdf19a0a0726a6e0fbc43f854
                                                                • Instruction Fuzzy Hash: F0912475D40219EFCB10CFA9C984AEFBBB8FF89320F248159E515B7251D374AA52CB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00AB396B
                                                                • CharUpperBuffW.USER32(?,?), ref: 00AB3A7A
                                                                • _wcslen.LIBCMT ref: 00AB3A8A
                                                                • VariantClear.OLEAUT32(?), ref: 00AB3C1F
                                                                  • Part of subcall function 00AA0CDF: VariantInit.OLEAUT32(00000000), ref: 00AA0D1F
                                                                  • Part of subcall function 00AA0CDF: VariantCopy.OLEAUT32(?,?), ref: 00AA0D28
                                                                  • Part of subcall function 00AA0CDF: VariantClear.OLEAUT32(?), ref: 00AA0D34
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                • API String ID: 4137639002-1221869570
                                                                • Opcode ID: d0233cef04d9777eb4bed531375b2cbd23874b5ce2fe89c540d79757291a5b01
                                                                • Instruction ID: 63696e8566ddd4afa0ac648712da2962143ec194800563739da508b442dcb177
                                                                • Opcode Fuzzy Hash: d0233cef04d9777eb4bed531375b2cbd23874b5ce2fe89c540d79757291a5b01
                                                                • Instruction Fuzzy Hash: AF918C756083059FCB04DF68C58096AB7E8FF89314F14892DF88A9B352DB31EE45CB92
                                                                APIs
                                                                  • Part of subcall function 00A9000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?,?,00A9035E), ref: 00A9002B
                                                                  • Part of subcall function 00A9000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?), ref: 00A90046
                                                                  • Part of subcall function 00A9000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?), ref: 00A90054
                                                                  • Part of subcall function 00A9000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?), ref: 00A90064
                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00AB4C51
                                                                • _wcslen.LIBCMT ref: 00AB4D59
                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00AB4DCF
                                                                • CoTaskMemFree.OLE32(?), ref: 00AB4DDA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                • String ID: NULL Pointer assignment
                                                                • API String ID: 614568839-2785691316
                                                                • Opcode ID: 0667d41f83f60b7a591ab037dd6eb51eb1590b7261dd1336fea7d4cfe7e687bf
                                                                • Instruction ID: 85aae337827b3871f8a036e7faf267f5edf9f191361499f2024968844c29fac8
                                                                • Opcode Fuzzy Hash: 0667d41f83f60b7a591ab037dd6eb51eb1590b7261dd1336fea7d4cfe7e687bf
                                                                • Instruction Fuzzy Hash: 2D91F771D00219AFDF14DFA4C891EEEB7B9BF08310F108169F919A7252DB749A45CFA0
                                                                APIs
                                                                • GetMenu.USER32(?), ref: 00AC2183
                                                                • GetMenuItemCount.USER32(00000000), ref: 00AC21B5
                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00AC21DD
                                                                • _wcslen.LIBCMT ref: 00AC2213
                                                                • GetMenuItemID.USER32(?,?), ref: 00AC224D
                                                                • GetSubMenu.USER32(?,?), ref: 00AC225B
                                                                  • Part of subcall function 00A93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A93A57
                                                                  • Part of subcall function 00A93A3D: GetCurrentThreadId.KERNEL32 ref: 00A93A5E
                                                                  • Part of subcall function 00A93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A925B3), ref: 00A93A65
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AC22E3
                                                                  • Part of subcall function 00A9E97B: Sleep.KERNEL32 ref: 00A9E9F3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                • String ID:
                                                                • API String ID: 4196846111-0
                                                                • Opcode ID: 219bad4ebb9ee1abf151092198880d45c53e505be01c904abe4e7d61b967c21f
                                                                • Instruction ID: d9a4176c6d2fb2bc3de62a868ac0b7104d6e452d91b57b51104de7b0731149ad
                                                                • Opcode Fuzzy Hash: 219bad4ebb9ee1abf151092198880d45c53e505be01c904abe4e7d61b967c21f
                                                                • Instruction Fuzzy Hash: 18716D75A00205AFCB14EFA8C945FAEB7F5EF88320F168459E816EB351DB34ED418B90
                                                                APIs
                                                                • IsWindow.USER32(01066620), ref: 00AC7F37
                                                                • IsWindowEnabled.USER32(01066620), ref: 00AC7F43
                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00AC801E
                                                                • SendMessageW.USER32(01066620,000000B0,?,?), ref: 00AC8051
                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00AC8089
                                                                • GetWindowLongW.USER32(01066620,000000EC), ref: 00AC80AB
                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00AC80C3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                • String ID:
                                                                • API String ID: 4072528602-0
                                                                • Opcode ID: 828eb62077c596dc9e07a43662cf1d95f0a0a7ec516eda1659aae6de4961d949
                                                                • Instruction ID: 803af6f568a3d509c382c952331996ef745e87a2afbf49e70c6db30637d2e34f
                                                                • Opcode Fuzzy Hash: 828eb62077c596dc9e07a43662cf1d95f0a0a7ec516eda1659aae6de4961d949
                                                                • Instruction Fuzzy Hash: 3571A634608204AFEB219F64C8D4FAEBBB9FF09340F16045DE995972A1CB31A845DFA0
                                                                APIs
                                                                • GetParent.USER32(?), ref: 00A9AEF9
                                                                • GetKeyboardState.USER32(?), ref: 00A9AF0E
                                                                • SetKeyboardState.USER32(?), ref: 00A9AF6F
                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00A9AF9D
                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00A9AFBC
                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00A9AFFD
                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A9B020
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: eacdcc6213a17428095d195c65bc0259548d87ed14874b123e118aa8a323515f
                                                                • Instruction ID: afba4d518b01876535e3efe34caa44291fe446b47986888ff66e1904c2d0c446
                                                                • Opcode Fuzzy Hash: eacdcc6213a17428095d195c65bc0259548d87ed14874b123e118aa8a323515f
                                                                • Instruction Fuzzy Hash: 2551C3A07147D53DFF3683348D49BBA7EE95B06304F08858AE1D9558C2C7D9ACC4D7A1
                                                                APIs
                                                                • GetParent.USER32(00000000), ref: 00A9AD19
                                                                • GetKeyboardState.USER32(?), ref: 00A9AD2E
                                                                • SetKeyboardState.USER32(?), ref: 00A9AD8F
                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A9ADBB
                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A9ADD8
                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A9AE17
                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A9AE38
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: 3ea0c7d0c1f468619292f212dd73067d74ce8272314853769c2326894da8a8f6
                                                                • Instruction ID: 826ac0186019f45f5340a029e6421db83b43f31e8f6cea15b65bc58a4dd9c0b9
                                                                • Opcode Fuzzy Hash: 3ea0c7d0c1f468619292f212dd73067d74ce8272314853769c2326894da8a8f6
                                                                • Instruction Fuzzy Hash: 4351D7A1B047E53DFF3783348C55BBA7EE95B56300F08858AE1D9468C2D794EC88D7A2
                                                                APIs
                                                                • GetConsoleCP.KERNEL32(00A73CD6,?,?,?,?,?,?,?,?,00A65BA3,?,?,00A73CD6,?,?), ref: 00A65470
                                                                • __fassign.LIBCMT ref: 00A654EB
                                                                • __fassign.LIBCMT ref: 00A65506
                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00A73CD6,00000005,00000000,00000000), ref: 00A6552C
                                                                • WriteFile.KERNEL32(?,00A73CD6,00000000,00A65BA3,00000000,?,?,?,?,?,?,?,?,?,00A65BA3,?), ref: 00A6554B
                                                                • WriteFile.KERNEL32(?,?,00000001,00A65BA3,00000000,?,?,?,?,?,?,?,?,?,00A65BA3,?), ref: 00A65584
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                • String ID:
                                                                • API String ID: 1324828854-0
                                                                • Opcode ID: a55c992013f1052826b42419419d978e909969f9c565c8e4c88db2bf0358977c
                                                                • Instruction ID: 42b12a9aa66b10e82b42d1185a1b316f4290cc73e2ae3b592becab9b56088cd7
                                                                • Opcode Fuzzy Hash: a55c992013f1052826b42419419d978e909969f9c565c8e4c88db2bf0358977c
                                                                • Instruction Fuzzy Hash: 135190B1E00649AFDB10CFA8D849AEEBBF9EF19310F14415AE956E7291D6309A41CB60
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 00A52D4B
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00A52D53
                                                                • _ValidateLocalCookies.LIBCMT ref: 00A52DE1
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00A52E0C
                                                                • _ValidateLocalCookies.LIBCMT ref: 00A52E61
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 1170836740-1018135373
                                                                • Opcode ID: d060bf97953cef3b262830fab9b80acc1949c058a69a67e5345944d12b324209
                                                                • Instruction ID: 54f52a31fbe537f5b5883ba202e5b6df4a5f65a90794e15f28bc5d1ec4450394
                                                                • Opcode Fuzzy Hash: d060bf97953cef3b262830fab9b80acc1949c058a69a67e5345944d12b324209
                                                                • Instruction Fuzzy Hash: C241B435E00209EBCF14DF68C885B9EBBB5BF46366F148155EC15AB392D731AA09CBD0
                                                                APIs
                                                                  • Part of subcall function 00AB304E: inet_addr.WSOCK32(?), ref: 00AB307A
                                                                  • Part of subcall function 00AB304E: _wcslen.LIBCMT ref: 00AB309B
                                                                • socket.WSOCK32(00000002,00000001,00000006), ref: 00AB1112
                                                                • WSAGetLastError.WSOCK32 ref: 00AB1121
                                                                • WSAGetLastError.WSOCK32 ref: 00AB11C9
                                                                • closesocket.WSOCK32(00000000), ref: 00AB11F9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 2675159561-0
                                                                • Opcode ID: 36b8f573bd1b432ca205701eb2ec0a37c438cd5ce8c8a729b109523d0e51b4d9
                                                                • Instruction ID: 405d6e2a37828ec1a1e1a2d4cd52b568c71933872e5288afc2228c3eb0fe56a6
                                                                • Opcode Fuzzy Hash: 36b8f573bd1b432ca205701eb2ec0a37c438cd5ce8c8a729b109523d0e51b4d9
                                                                • Instruction Fuzzy Hash: D341F431600204AFDB10DF58D894BEABBEDEF45324F548159F9199B292D770AD42CBE0
                                                                APIs
                                                                  • Part of subcall function 00A9DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A9CF22,?), ref: 00A9DDFD
                                                                  • Part of subcall function 00A9DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A9CF22,?), ref: 00A9DE16
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00A9CF45
                                                                • MoveFileW.KERNEL32(?,?), ref: 00A9CF7F
                                                                • _wcslen.LIBCMT ref: 00A9D005
                                                                • _wcslen.LIBCMT ref: 00A9D01B
                                                                • SHFileOperationW.SHELL32(?), ref: 00A9D061
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                • String ID: \*.*
                                                                • API String ID: 3164238972-1173974218
                                                                • Opcode ID: 909d16e29261cc07293a8de179597684c7578389b213566026165d46d187ef0b
                                                                • Instruction ID: 86ed0d40147a92cb7b091e435c3ac6d15e7d8aaee3e6685af57e745be8e85f82
                                                                • Opcode Fuzzy Hash: 909d16e29261cc07293a8de179597684c7578389b213566026165d46d187ef0b
                                                                • Instruction Fuzzy Hash: 65415C719452185FDF12EFA4DA81EDEB7F9AF08790F1000E6E505EB142EB34A789CB50
                                                                APIs
                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00AC2E1C
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC2E4F
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC2E84
                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00AC2EB6
                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00AC2EE0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC2EF1
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AC2F0B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: LongWindow$MessageSend
                                                                • String ID:
                                                                • API String ID: 2178440468-0
                                                                • Opcode ID: e41c2688fa42e882445831441c539c34bc227995a8cc76bfc2ec01c1d46fcc52
                                                                • Instruction ID: 44bac8a3c5cba74d517cc20bfc8342831195534014b164e923a19abbb1b2a7a9
                                                                • Opcode Fuzzy Hash: e41c2688fa42e882445831441c539c34bc227995a8cc76bfc2ec01c1d46fcc52
                                                                • Instruction Fuzzy Hash: 62310134644254AFEB21DF5CDD84FA53BE1FB9A720F1601A8F904AF2B2CB71A841DB41
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A97769
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A9778F
                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A97792
                                                                • SysAllocString.OLEAUT32(?), ref: 00A977B0
                                                                • SysFreeString.OLEAUT32(?), ref: 00A977B9
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00A977DE
                                                                • SysAllocString.OLEAUT32(?), ref: 00A977EC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: 5df0b82eba6177a776fa6d039968ef0d681790c2e779975da32559c96b67899b
                                                                • Instruction ID: 53610b5026779b9a0744b282acab6d9a608323354141985bc37ff82050701ac9
                                                                • Opcode Fuzzy Hash: 5df0b82eba6177a776fa6d039968ef0d681790c2e779975da32559c96b67899b
                                                                • Instruction Fuzzy Hash: D5216B7A614219AFDF10DFE9CD88CBF77ECAB09764B058025FA19DB260D6709C428770
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A97842
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A97868
                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A9786B
                                                                • SysAllocString.OLEAUT32 ref: 00A9788C
                                                                • SysFreeString.OLEAUT32 ref: 00A97895
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00A978AF
                                                                • SysAllocString.OLEAUT32(?), ref: 00A978BD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: 71bb4a19703ef97857ae47b36f5e77dae40b128532d093ac12be5c88c713e5b5
                                                                • Instruction ID: 2f15bf3a98a13d264f3ed6032704fdd7c0435716d6188006a0200251ad202894
                                                                • Opcode Fuzzy Hash: 71bb4a19703ef97857ae47b36f5e77dae40b128532d093ac12be5c88c713e5b5
                                                                • Instruction Fuzzy Hash: B5214C36618204AFDF109BA8DC8DDAA77E8EB09760715C125F915CB2A1DA64DC82CB74
                                                                APIs
                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00AA04F2
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AA052E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                • Opcode ID: c7ed00a9e6456418ec3c88eca407fb0272f449671561a4425b6a3e863e3f1fa5
                                                                • Instruction ID: e00e7a96ad87d897f9676ca6451d55d4ef495d533138e1b0a6458d4cbc6f99ce
                                                                • Opcode Fuzzy Hash: c7ed00a9e6456418ec3c88eca407fb0272f449671561a4425b6a3e863e3f1fa5
                                                                • Instruction Fuzzy Hash: C021AB74900306AFCF209F69DC04E9A7BB4BF46760F208A18F8A1D72E0E7719940CF20
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00AA05C6
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AA0601
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                • Opcode ID: a2f0020f6bd7af8ea9ad282ab0028d68b0c10a3e0cc03eec940190792b4a85b9
                                                                • Instruction ID: 56a2b994c1417572f70e6c5cc13941ea2cf2597138978f7c4518e4ccf88ad3eb
                                                                • Opcode Fuzzy Hash: a2f0020f6bd7af8ea9ad282ab0028d68b0c10a3e0cc03eec940190792b4a85b9
                                                                • Instruction Fuzzy Hash: 402151755003059BDB209F69DC04E9ABBF4BF96734F204A19F9A1E72E0E7B09961CB20
                                                                APIs
                                                                  • Part of subcall function 00A3600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A3604C
                                                                  • Part of subcall function 00A3600E: GetStockObject.GDI32(00000011), ref: 00A36060
                                                                  • Part of subcall function 00A3600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A3606A
                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00AC4112
                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00AC411F
                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00AC412A
                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00AC4139
                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AC4145
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                • String ID: Msctls_Progress32
                                                                • API String ID: 1025951953-3636473452
                                                                • Opcode ID: 8d367919d8adc08686e03690949543dcec6b0450003064b5f88ef55559b51579
                                                                • Instruction ID: 9ead98862af9fb388de814e43350642a506392ead501a49bd389b232f73b9917
                                                                • Opcode Fuzzy Hash: 8d367919d8adc08686e03690949543dcec6b0450003064b5f88ef55559b51579
                                                                • Instruction Fuzzy Hash: D01193B11402197EEF118F64CC85EE77F9DEF08798F018111FA18A2050C6769C219BA4
                                                                APIs
                                                                  • Part of subcall function 00A6D7A3: _free.LIBCMT ref: 00A6D7CC
                                                                • _free.LIBCMT ref: 00A6D82D
                                                                  • Part of subcall function 00A629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000), ref: 00A629DE
                                                                  • Part of subcall function 00A629C8: GetLastError.KERNEL32(00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000,00000000), ref: 00A629F0
                                                                • _free.LIBCMT ref: 00A6D838
                                                                • _free.LIBCMT ref: 00A6D843
                                                                • _free.LIBCMT ref: 00A6D897
                                                                • _free.LIBCMT ref: 00A6D8A2
                                                                • _free.LIBCMT ref: 00A6D8AD
                                                                • _free.LIBCMT ref: 00A6D8B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                • Instruction ID: 460f6728d6410ae031f8b45db90be890dbebb3b1cdcb29d6489c1345cac030d2
                                                                • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                • Instruction Fuzzy Hash: 16113372B40B04BAD521BFF0CD47FCB7BFCAF84780F444825B299AA492DA75B5054751
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A9DA74
                                                                • LoadStringW.USER32(00000000), ref: 00A9DA7B
                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A9DA91
                                                                • LoadStringW.USER32(00000000), ref: 00A9DA98
                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A9DADC
                                                                Strings
                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00A9DAB9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message
                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                • API String ID: 4072794657-3128320259
                                                                • Opcode ID: 6264d93619cf6443ebd17b1ed7e092ab02e79e8580d5f5739abf8c675ea78345
                                                                • Instruction ID: 3ebec059dfddba25a7689c5c46184a40c1513c1505e09d101c1b201912d1c4cd
                                                                • Opcode Fuzzy Hash: 6264d93619cf6443ebd17b1ed7e092ab02e79e8580d5f5739abf8c675ea78345
                                                                • Instruction Fuzzy Hash: 4B0162F25002087FEB10EBE49D89EE7326CE708311F400595F74AE2041EA749E854F74
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(0105F418,0105F418), ref: 00AA097B
                                                                • EnterCriticalSection.KERNEL32(0105F3F8,00000000), ref: 00AA098D
                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 00AA099B
                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00AA09A9
                                                                • CloseHandle.KERNEL32(?), ref: 00AA09B8
                                                                • InterlockedExchange.KERNEL32(0105F418,000001F6), ref: 00AA09C8
                                                                • LeaveCriticalSection.KERNEL32(0105F3F8), ref: 00AA09CF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                • String ID:
                                                                • API String ID: 3495660284-0
                                                                • Opcode ID: 81400910e67ee8ef73bb9478390c569e701c1563cf07a73c766da5af0ef31c3e
                                                                • Instruction ID: aeb2eba6c7e7b7b0aa2595d2246d73d25ab0c5f2ae8c6760eb0aa59c0572a8e1
                                                                • Opcode Fuzzy Hash: 81400910e67ee8ef73bb9478390c569e701c1563cf07a73c766da5af0ef31c3e
                                                                • Instruction Fuzzy Hash: 94F01972442A12EBD741ABA4EE88ED6BB29FF01712F412026F206918A0C7749466CF90
                                                                APIs
                                                                • __WSAFDIsSet.WSOCK32(00000000,?), ref: 00AB1DC0
                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00AB1DE1
                                                                • WSAGetLastError.WSOCK32 ref: 00AB1DF2
                                                                • htons.WSOCK32(?), ref: 00AB1EDB
                                                                • inet_ntoa.WSOCK32(?), ref: 00AB1E8C
                                                                  • Part of subcall function 00A939E8: _strlen.LIBCMT ref: 00A939F2
                                                                  • Part of subcall function 00AB3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00AAEC0C), ref: 00AB3240
                                                                • _strlen.LIBCMT ref: 00AB1F35
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                • String ID:
                                                                • API String ID: 3203458085-0
                                                                • Opcode ID: 52c19e2bd3119f4853791950faf5af0da8deda3b388b64b1549ee0bfcfb483f1
                                                                • Instruction ID: 145ad1441f5bbd996f0d7d10b666b650c6b5acc0b5c2911f1431e90c25491bd7
                                                                • Opcode Fuzzy Hash: 52c19e2bd3119f4853791950faf5af0da8deda3b388b64b1549ee0bfcfb483f1
                                                                • Instruction Fuzzy Hash: 49B1EF31604300AFC724DF24C8A5E6A7BE9AF85318F94894CF55A5B2E3DB31ED42CB91
                                                                APIs
                                                                • GetClientRect.USER32(?,?), ref: 00A35D30
                                                                • GetWindowRect.USER32(?,?), ref: 00A35D71
                                                                • ScreenToClient.USER32(?,?), ref: 00A35D99
                                                                • GetClientRect.USER32(?,?), ref: 00A35ED7
                                                                • GetWindowRect.USER32(?,?), ref: 00A35EF8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Rect$Client$Window$Screen
                                                                • String ID:
                                                                • API String ID: 1296646539-0
                                                                • Opcode ID: 3c190329860aed62669ff47eff18042ef641d8b9de652d995792d92117748fa8
                                                                • Instruction ID: 1fa3f9f259376b5e6f79baac902ed74b575e02c9a2bf5c9c09f7af2d550a169b
                                                                • Opcode Fuzzy Hash: 3c190329860aed62669ff47eff18042ef641d8b9de652d995792d92117748fa8
                                                                • Instruction Fuzzy Hash: EAB15735A00A4ADBDB14CFB9C8807EAB7F1FF58310F24D41AE8A9D7250DB34AA51DB54
                                                                APIs
                                                                • __allrem.LIBCMT ref: 00A600BA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A600D6
                                                                • __allrem.LIBCMT ref: 00A600ED
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A6010B
                                                                • __allrem.LIBCMT ref: 00A60122
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A60140
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                • String ID:
                                                                • API String ID: 1992179935-0
                                                                • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                • Instruction ID: b439b86183ab481539a938bc0c50e7f62f10495d472cecdca9125a329fedadcd
                                                                • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                • Instruction Fuzzy Hash: A281D472A00706AFE7249F68CD41F6B73F9EF41724F24463AF951DA681E770D9848B90
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A582D9,00A582D9,?,?,?,00A6644F,00000001,00000001,8BE85006), ref: 00A66258
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A6644F,00000001,00000001,8BE85006,?,?,?), ref: 00A662DE
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A663D8
                                                                • __freea.LIBCMT ref: 00A663E5
                                                                  • Part of subcall function 00A63820: RtlAllocateHeap.NTDLL(00000000,?,00B01444,?,00A4FDF5,?,?,00A3A976,00000010,00B01440,00A313FC,?,00A313C6,?,00A31129), ref: 00A63852
                                                                • __freea.LIBCMT ref: 00A663EE
                                                                • __freea.LIBCMT ref: 00A66413
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1414292761-0
                                                                • Opcode ID: efddfc11d0eba9a2cd88325f5460bdcee2310521588b27eb421bcf20cd5d5e15
                                                                • Instruction ID: ce513fb1db27f8769051a68146c7d6cf67003ab59c16200ff4f152e055f7d0fc
                                                                • Opcode Fuzzy Hash: efddfc11d0eba9a2cd88325f5460bdcee2310521588b27eb421bcf20cd5d5e15
                                                                • Instruction Fuzzy Hash: D051A072A00216ABEB258F64DD81EAF7BB9EF45750F154629FD05DB240EB34DC41C6A0
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00ABC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ABB6AE,?,?), ref: 00ABC9B5
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABC9F1
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA68
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ABBCCA
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00ABBD25
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ABBD6A
                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00ABBD99
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00ABBDF3
                                                                • RegCloseKey.ADVAPI32(?), ref: 00ABBDFF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                • String ID:
                                                                • API String ID: 1120388591-0
                                                                • Opcode ID: f28a1fe3fbacee25a7a1de421bf56540c04d154eee15da0bf1b0130e88f94131
                                                                • Instruction ID: c1488c330a5eef1ba3e720700a62ee3445ef59cc93fa191ce2ed0dce4d21fc92
                                                                • Opcode Fuzzy Hash: f28a1fe3fbacee25a7a1de421bf56540c04d154eee15da0bf1b0130e88f94131
                                                                • Instruction Fuzzy Hash: 8581A030218241EFD714DF24C991E6ABBE9FF84318F14895CF4994B2A2DB71ED45CBA2
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000035), ref: 00A8F7B9
                                                                • SysAllocString.OLEAUT32(00000001), ref: 00A8F860
                                                                • VariantCopy.OLEAUT32(00A8FA64,00000000), ref: 00A8F889
                                                                • VariantClear.OLEAUT32(00A8FA64), ref: 00A8F8AD
                                                                • VariantCopy.OLEAUT32(00A8FA64,00000000), ref: 00A8F8B1
                                                                • VariantClear.OLEAUT32(?), ref: 00A8F8BB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                • String ID:
                                                                • API String ID: 3859894641-0
                                                                • Opcode ID: 25573c1c039b98baec5b918cfeeaff91670197390f143d319809d8842195b920
                                                                • Instruction ID: 1aa0dba034282e2a274ef8802c0811e8f0a373297a378f0198809bdf7044cd9a
                                                                • Opcode Fuzzy Hash: 25573c1c039b98baec5b918cfeeaff91670197390f143d319809d8842195b920
                                                                • Instruction Fuzzy Hash: E451B335A00312BECF24BF65D995B29B3A9EF45310F249467F906DF292DB708C40CBA6
                                                                APIs
                                                                  • Part of subcall function 00A37620: _wcslen.LIBCMT ref: 00A37625
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00AA94E5
                                                                • _wcslen.LIBCMT ref: 00AA9506
                                                                • _wcslen.LIBCMT ref: 00AA952D
                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00AA9585
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$FileName$OpenSave
                                                                • String ID: X
                                                                • API String ID: 83654149-3081909835
                                                                • Opcode ID: d4a942e8bba0ae51ac65bddf541aba6ec40ad6622cf0800a8a01fc307cccd989
                                                                • Instruction ID: 39259b731e92a1fe73c1a974a71d75e6e43d4cb7fde5ac96a4757b0f254034a4
                                                                • Opcode Fuzzy Hash: d4a942e8bba0ae51ac65bddf541aba6ec40ad6622cf0800a8a01fc307cccd989
                                                                • Instruction Fuzzy Hash: DAE19F319083019FDB24DF24C981B6BB7E4BF85314F04896DF89A9B2A2DB31DD05CB92
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • BeginPaint.USER32(?,?,?), ref: 00A49241
                                                                • GetWindowRect.USER32(?,?), ref: 00A492A5
                                                                • ScreenToClient.USER32(?,?), ref: 00A492C2
                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A492D3
                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00A49321
                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A871EA
                                                                  • Part of subcall function 00A49339: BeginPath.GDI32(00000000), ref: 00A49357
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                • String ID:
                                                                • API String ID: 3050599898-0
                                                                • Opcode ID: 0e5263c22e970f3087d54832d5949a8f60815e220dcde07d2269b2228964be4c
                                                                • Instruction ID: 16fc395deb905993844201f02e1a574b107c8622712cee21b2472815f6c63904
                                                                • Opcode Fuzzy Hash: 0e5263c22e970f3087d54832d5949a8f60815e220dcde07d2269b2228964be4c
                                                                • Instruction Fuzzy Hash: 23419D34104200AFD721DF68CC88FAB7BB8EB96720F140669F9948B2B1CB719856DB61
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00AA080C
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00AA0847
                                                                • EnterCriticalSection.KERNEL32(?), ref: 00AA0863
                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00AA08DC
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00AA08F3
                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00AA0921
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                • String ID:
                                                                • API String ID: 3368777196-0
                                                                • Opcode ID: 68d1cf85a0a3f3204d5a133ca9cdacce1ba333eee0814f9dea83fb3739ee342d
                                                                • Instruction ID: 0221a169724fd1c0a005dbbc6856bca0aed0f71c264bbcfe47b36a736edcaaee
                                                                • Opcode Fuzzy Hash: 68d1cf85a0a3f3204d5a133ca9cdacce1ba333eee0814f9dea83fb3739ee342d
                                                                • Instruction Fuzzy Hash: 6A419871900205EFDF04EF94DC85AAAB7B8FF44310F1440A9ED049B296DB34DE66CBA4
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A8F3AB,00000000,?,?,00000000,?,00A8682C,00000004,00000000,00000000), ref: 00AC824C
                                                                • EnableWindow.USER32(?,00000000), ref: 00AC8272
                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00AC82D1
                                                                • ShowWindow.USER32(?,00000004), ref: 00AC82E5
                                                                • EnableWindow.USER32(?,00000001), ref: 00AC830B
                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00AC832F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Show$Enable$MessageSend
                                                                • String ID:
                                                                • API String ID: 642888154-0
                                                                • Opcode ID: 23451c88d9354cb19cfaf61cf0ae50862dac62463e8cfb806cd6c1040af7083a
                                                                • Instruction ID: 89641f3896d4a260605bc57fcd64370c0f829785740e555ca01c4681eda0257a
                                                                • Opcode Fuzzy Hash: 23451c88d9354cb19cfaf61cf0ae50862dac62463e8cfb806cd6c1040af7083a
                                                                • Instruction Fuzzy Hash: D841B374601644EFDB25CF19C899FE47BE0FB4A714F1A52ADE5184F2B2CB35A842CB50
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 00A94C95
                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A94CB2
                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A94CEA
                                                                • _wcslen.LIBCMT ref: 00A94D08
                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A94D10
                                                                • _wcsstr.LIBVCRUNTIME ref: 00A94D1A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                • String ID:
                                                                • API String ID: 72514467-0
                                                                • Opcode ID: f1aecc811aecaf1ed2add9acc286187fe63e289f5f0aba4fdea819d8f0964f06
                                                                • Instruction ID: 895e5ca9a9bc49597561ad800024bcffcb62acc30334672ec4197efac0725df8
                                                                • Opcode Fuzzy Hash: f1aecc811aecaf1ed2add9acc286187fe63e289f5f0aba4fdea819d8f0964f06
                                                                • Instruction Fuzzy Hash: F221F676704200BFEF159B79AD4AE7B7BECDF49760F108029F809CA191EA65DC4297A0
                                                                APIs
                                                                  • Part of subcall function 00A33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A33A97,?,?,00A32E7F,?,?,?,00000000), ref: 00A33AC2
                                                                • _wcslen.LIBCMT ref: 00AA587B
                                                                • CoInitialize.OLE32(00000000), ref: 00AA5995
                                                                • CoCreateInstance.OLE32(00ACFCF8,00000000,00000001,00ACFB68,?), ref: 00AA59AE
                                                                • CoUninitialize.OLE32 ref: 00AA59CC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 3172280962-24824748
                                                                • Opcode ID: ee053985d91b4e092f832c78d0946a1e1de5f799632e6a57ff0079344f968f59
                                                                • Instruction ID: 2970282a27cf82a8147139ce6d60695e86e01dcf30a4463d0b40fb847935f403
                                                                • Opcode Fuzzy Hash: ee053985d91b4e092f832c78d0946a1e1de5f799632e6a57ff0079344f968f59
                                                                • Instruction Fuzzy Hash: 3ED15475A087019FC714DF25C584A2ABBE1FF8A720F14885DF88A9B3A1D731EC45CB92
                                                                APIs
                                                                  • Part of subcall function 00A90FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A90FCA
                                                                  • Part of subcall function 00A90FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A90FD6
                                                                  • Part of subcall function 00A90FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A90FE5
                                                                  • Part of subcall function 00A90FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A90FEC
                                                                  • Part of subcall function 00A90FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A91002
                                                                • GetLengthSid.ADVAPI32(?,00000000,00A91335), ref: 00A917AE
                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A917BA
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A917C1
                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 00A917DA
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00A91335), ref: 00A917EE
                                                                • HeapFree.KERNEL32(00000000), ref: 00A917F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                • String ID:
                                                                • API String ID: 3008561057-0
                                                                • Opcode ID: cf15c5c50d9c6fe143e6f290b708ca8d8756e6f2ef75f8cdc66da6955c1f0961
                                                                • Instruction ID: 718374c0641629893f9f36cecb9f18077d49898525ad59bb32b8fef0cbdc7051
                                                                • Opcode Fuzzy Hash: cf15c5c50d9c6fe143e6f290b708ca8d8756e6f2ef75f8cdc66da6955c1f0961
                                                                • Instruction Fuzzy Hash: 43115632A00606EFDF10DBE5CC49FAE7BE9EB45365F154118E486A7220D736A945CB60
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00A914FF
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00A91506
                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A91515
                                                                • CloseHandle.KERNEL32(00000004), ref: 00A91520
                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A9154F
                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00A91563
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                • String ID:
                                                                • API String ID: 1413079979-0
                                                                • Opcode ID: 670677d5fa13959a8dac34758e32c97cac61fceca64f11c7045ba1f58a2ab154
                                                                • Instruction ID: 23f099fa3305a0e4c96ab0d5b2172a797278da7a4a38692e5ebb840bdc3650b4
                                                                • Opcode Fuzzy Hash: 670677d5fa13959a8dac34758e32c97cac61fceca64f11c7045ba1f58a2ab154
                                                                • Instruction Fuzzy Hash: 801117B660024AABDF11CF98ED49FDA7BA9FB48754F064015FA09A2160C3758E619B60
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00A53379,00A52FE5), ref: 00A53390
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A5339E
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A533B7
                                                                • SetLastError.KERNEL32(00000000,?,00A53379,00A52FE5), ref: 00A53409
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                • Opcode ID: 2f4fbe5ee3d530e603e125ff0982f09ffab8abe0395ad9d72790389b153c53f2
                                                                • Instruction ID: ccf13e8eb458c5bb90976c83f12ff1732835f9338f7a9427fadd97cc3f4b1474
                                                                • Opcode Fuzzy Hash: 2f4fbe5ee3d530e603e125ff0982f09ffab8abe0395ad9d72790389b153c53f2
                                                                • Instruction Fuzzy Hash: D4019233609715AAEE1567F57E859672A64FB853BB720022DFC10892F1EE314D0B9548
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00A65686,00A73CD6,?,00000000,?,00A65B6A,?,?,?,?,?,00A5E6D1,?,00AF8A48), ref: 00A62D78
                                                                • _free.LIBCMT ref: 00A62DAB
                                                                • _free.LIBCMT ref: 00A62DD3
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00A5E6D1,?,00AF8A48,00000010,00A34F4A,?,?,00000000,00A73CD6), ref: 00A62DE0
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00A5E6D1,?,00AF8A48,00000010,00A34F4A,?,?,00000000,00A73CD6), ref: 00A62DEC
                                                                • _abort.LIBCMT ref: 00A62DF2
                                                                Similarity
                                                                • API ID: ErrorLast$_free$_abort
                                                                • String ID:
                                                                • API String ID: 3160817290-0
                                                                • Opcode ID: 476d0b9ea6b63e33056b3db80cce95a323c29b4b1e410e4ed3cf11247cffded6
                                                                • Instruction ID: 2c6d5732e069cb13990b4b8c296ce7a9b62be48a605eb77647d454efec07a3f1
                                                                • Opcode Fuzzy Hash: 476d0b9ea6b63e33056b3db80cce95a323c29b4b1e410e4ed3cf11247cffded6
                                                                • Instruction Fuzzy Hash: 7DF0C832A44E01A7D61277B9BE16F6E2579AFC27B1F250518F828972D2EF2488034360
                                                                APIs
                                                                  • Part of subcall function 00A49639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A49693
                                                                  • Part of subcall function 00A49639: SelectObject.GDI32(?,00000000), ref: 00A496A2
                                                                  • Part of subcall function 00A49639: BeginPath.GDI32(?), ref: 00A496B9
                                                                  • Part of subcall function 00A49639: SelectObject.GDI32(?,00000000), ref: 00A496E2
                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00AC8A4E
                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00AC8A62
                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00AC8A70
                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00AC8A80
                                                                • EndPath.GDI32(?), ref: 00AC8A90
                                                                • StrokePath.GDI32(?), ref: 00AC8AA0
                                                                Similarity
                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                • String ID:
                                                                • API String ID: 43455801-0
                                                                • Opcode ID: 672a82e8e918d05a848d10bed10fa49db2e23e00b5c83df18e7d3d631c22d51f
                                                                • Instruction ID: 779d593ec0395d0a31b192eec0048a6cbffa6fd1de9c5a844dfafe9cc374b508
                                                                • Opcode Fuzzy Hash: 672a82e8e918d05a848d10bed10fa49db2e23e00b5c83df18e7d3d631c22d51f
                                                                • Instruction Fuzzy Hash: 41110976400108FFDB129F94EC88EAA7F6CEB083A0F058016FA599A1A1C7719D56DFA0
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 00A95218
                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A95229
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A95230
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00A95238
                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A9524F
                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A95261
                                                                Similarity
                                                                • API ID: CapsDevice$Release
                                                                • String ID:
                                                                • API String ID: 1035833867-0
                                                                • Opcode ID: 96acf4b8e59f6515a8a8d5156017c3fda1fa77618a3d4a129975c5ea5568e7c5
                                                                • Instruction ID: c7c62a8eadd596e2ee1744dcd76dd895886d25f991e7e9c5a96189cee3166b16
                                                                • Opcode Fuzzy Hash: 96acf4b8e59f6515a8a8d5156017c3fda1fa77618a3d4a129975c5ea5568e7c5
                                                                • Instruction Fuzzy Hash: F2018475E01704BBEF109BF59D49E4EBFB8EF44361F044065FA08AB280D6709C01CB60
                                                                APIs
                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A31BF4
                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A31BFC
                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A31C07
                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A31C12
                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A31C1A
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A31C22
                                                                Similarity
                                                                • API ID: Virtual
                                                                • String ID:
                                                                • API String ID: 4278518827-0
                                                                • Opcode ID: eb122ef2283404c6360c62068cdd4ac4557995ea68408d55bda7fdd47d6f13dd
                                                                • Instruction ID: 76be41e147b9fc295e59f1d0bfaf1d2f6da812e47fb623b72890bc4bcffafeba
                                                                • Opcode Fuzzy Hash: eb122ef2283404c6360c62068cdd4ac4557995ea68408d55bda7fdd47d6f13dd
                                                                • Instruction Fuzzy Hash: 980167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BE15C4BA42C7F5A864CBE5
                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A9EB30
                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A9EB46
                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00A9EB55
                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A9EB64
                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A9EB6E
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A9EB75
                                                                Similarity
                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 839392675-0
                                                                • Opcode ID: 03acd30e6a149520be528514770a90e3e4b84e1e1a5e6d7e419c15833a886903
                                                                • Instruction ID: 9a778d462f03ad28f4316ca3bed1fdf6857bcd83737fa1537361a4a6c2f1e820
                                                                • Opcode Fuzzy Hash: 03acd30e6a149520be528514770a90e3e4b84e1e1a5e6d7e419c15833a886903
                                                                • Instruction Fuzzy Hash: 62F0BE72600158BBE7209BA39C0EEEF3E7CEFCAB25F010158F605D1091D7A01A02C6B4
                                                                APIs
                                                                • GetClientRect.USER32(?), ref: 00A87452
                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00A87469
                                                                • GetWindowDC.USER32(?), ref: 00A87475
                                                                • GetPixel.GDI32(00000000,?,?), ref: 00A87484
                                                                • ReleaseDC.USER32(?,00000000), ref: 00A87496
                                                                • GetSysColor.USER32(00000005), ref: 00A874B0
                                                                Similarity
                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                • String ID:
                                                                • API String ID: 272304278-0
                                                                • Opcode ID: fb5ebd68847a7f1539f0b4c4667050977e3b9db46480c356e7cd46402b22b55b
                                                                • Instruction ID: efe6c27528009b23af6a6228e7b0f980c4a3be7db6c4b3ab26559f1f3cac3efa
                                                                • Opcode Fuzzy Hash: fb5ebd68847a7f1539f0b4c4667050977e3b9db46480c356e7cd46402b22b55b
                                                                • Instruction Fuzzy Hash: FD014B31400215EFDB51AFA4DD08FAE7BB5FB04321F660164F91AA21A1CF311E52AB50
                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A9187F
                                                                • UnloadUserProfile.USERENV(?,?), ref: 00A9188B
                                                                • CloseHandle.KERNEL32(?), ref: 00A91894
                                                                • CloseHandle.KERNEL32(?), ref: 00A9189C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00A918A5
                                                                • HeapFree.KERNEL32(00000000), ref: 00A918AC
                                                                Similarity
                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                • String ID:
                                                                • API String ID: 146765662-0
                                                                • Opcode ID: bded03fc369bedd28d50395dae2fbab03fae0a9fa8370db3981ea95589f21e2f
                                                                • Instruction ID: 61b90f4b0f955f73267e7ed48a522904e58a18b0b13ef6f34d9f69dea9a898ba
                                                                • Opcode Fuzzy Hash: bded03fc369bedd28d50395dae2fbab03fae0a9fa8370db3981ea95589f21e2f
                                                                • Instruction Fuzzy Hash: 1BE0C23A404501BBDB019BE2ED0CD0ABB29FB49B32B128220F22985570CB329422DB50
                                                                APIs
                                                                  • Part of subcall function 00A37620: _wcslen.LIBCMT ref: 00A37625
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A9C6EE
                                                                • _wcslen.LIBCMT ref: 00A9C735
                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A9C79C
                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A9C7CA
                                                                Strings
                                                                Similarity
                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                • String ID: 0
                                                                • API String ID: 1227352736-4108050209
                                                                • Opcode ID: ece840788989c59c515502a178bba2174b3cb5a659a9088d4b78faebb2ff402e
                                                                • Instruction ID: f8f82f5a05246df5f5bf7b9d41ff9bada574ad6a34205203839040a6b57e0c92
                                                                • Opcode Fuzzy Hash: ece840788989c59c515502a178bba2174b3cb5a659a9088d4b78faebb2ff402e
                                                                • Instruction Fuzzy Hash: 7151CB717047409BDB14DFA8C985B6BBBE8AF89324F041A2DF995E71E0DB70D904CB92
                                                                APIs
                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A97206
                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A9723C
                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A9724D
                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A972CF
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                • String ID: DllGetClassObject
                                                                • API String ID: 753597075-1075368562
                                                                • Opcode ID: 785f42a1c37eb56071b57aa3a99d6825b111d08007c82469b1599dde631b85df
                                                                • Instruction ID: 87f882b685e4685f23bc243f0c40a7861b2dedee4db60d174ddd586476f21a0e
                                                                • Opcode Fuzzy Hash: 785f42a1c37eb56071b57aa3a99d6825b111d08007c82469b1599dde631b85df
                                                                • Instruction Fuzzy Hash: D3413B71A24204AFDF15CF94C884A9E7BE9EF84710F2580A9BD099F20AD7B1D945CBB0
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AC3E35
                                                                • IsMenu.USER32(?), ref: 00AC3E4A
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AC3E92
                                                                • DrawMenuBar.USER32 ref: 00AC3EA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                • String ID: 0
                                                                • API String ID: 3076010158-4108050209
                                                                • Opcode ID: 1c6c3591bad08d0d006b16be741284f4b61405a65fac929d99b9d07442da5b28
                                                                • Instruction ID: 92afb2be67fffdb39bfcecaf8c900f336a7bed4910b5fe5d3c5d589440ea55ba
                                                                • Opcode Fuzzy Hash: 1c6c3591bad08d0d006b16be741284f4b61405a65fac929d99b9d07442da5b28
                                                                • Instruction Fuzzy Hash: 6F411876A01209AFDF10DF94D884EAABBF5FF49364F05812DE905A7250D730AE45CB60
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A91E66
                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A91E79
                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00A91EA9
                                                                  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 2081771294-1403004172
                                                                • Opcode ID: 5abaeb9d29f00207595f23c168d12e8063dfd6f929d98d1ba18785f52ed85286
                                                                • Instruction ID: abe5ea43a4499476dd5000154992286556485d07fce75689e2341702ea477059
                                                                • Opcode Fuzzy Hash: 5abaeb9d29f00207595f23c168d12e8063dfd6f929d98d1ba18785f52ed85286
                                                                • Instruction Fuzzy Hash: 6A21F175A00108BFDF14ABA4DE4ACFFB7F8EF45360F104519F925A71E1DB78490A8A20
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00AC2F8D
                                                                • LoadLibraryW.KERNEL32(?), ref: 00AC2F94
                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00AC2FA9
                                                                • DestroyWindow.USER32(?), ref: 00AC2FB1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                • String ID: SysAnimate32
                                                                • API String ID: 3529120543-1011021900
                                                                • Opcode ID: 912722e4a86a6dd2b34872293819eb7964cf48700e3849cd91b1d851094b2276
                                                                • Instruction ID: 0dba8262b8ad499f1cff7c8afcd19067e74bb1a162cdf7581be8db340e00790e
                                                                • Opcode Fuzzy Hash: 912722e4a86a6dd2b34872293819eb7964cf48700e3849cd91b1d851094b2276
                                                                • Instruction Fuzzy Hash: AE21CD71200209ABEF218FA4DC80FBB77BDEB59364F12561CFA50D6190DB71DC6197A0
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A54D1E,00A628E9,?,00A54CBE,00A628E9,00AF88B8,0000000C,00A54E15,00A628E9,00000002), ref: 00A54D8D
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A54DA0
                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00A54D1E,00A628E9,?,00A54CBE,00A628E9,00AF88B8,0000000C,00A54E15,00A628E9,00000002,00000000), ref: 00A54DC3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: f1c722b1989755280ab58dc7e23c8cdc183a64b213db36a318e164d09c8d0bf1
                                                                • Instruction ID: 4ce248ada902170b640ec7ae2c5ed18066875d71617de39cb5040105c99500bf
                                                                • Opcode Fuzzy Hash: f1c722b1989755280ab58dc7e23c8cdc183a64b213db36a318e164d09c8d0bf1
                                                                • Instruction Fuzzy Hash: 59F04F35A40208BBEB119FD1DC49FAEBFB5FF48766F0501A5FD0AA6260CB345985CB90
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A34EDD,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34E9C
                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A34EAE
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A34EDD,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34EC0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-3689287502
                                                                • Opcode ID: d736b95037030f4c3d8c075876fcc6f180a9ba5c4a2101eef75662fa6d804c8c
                                                                • Instruction ID: 4cab6196224e02b86b9e1467d58962e8709fa975e5ffb557116916a36fb0e6aa
                                                                • Opcode Fuzzy Hash: d736b95037030f4c3d8c075876fcc6f180a9ba5c4a2101eef75662fa6d804c8c
                                                                • Instruction Fuzzy Hash: 8EE0CD36E055226FD33157666C18FAF6554BFC5F72F1A0215FD08E2110DB64DD0340A0
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A73CDE,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34E62
                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A34E74
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A73CDE,?,00B01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A34E87
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-1355242751
                                                                • Opcode ID: e103a71ec66532c85dd7aa6746c61d31c555a18a8f4413c38b0f45ce729f9ce9
                                                                • Instruction ID: 99f64784b8abf688b9e2da61fcad41a4dac437ee3b3948bf220876930cbb3b38
                                                                • Opcode Fuzzy Hash: e103a71ec66532c85dd7aa6746c61d31c555a18a8f4413c38b0f45ce729f9ce9
                                                                • Instruction Fuzzy Hash: 21D012369026216BDA225BA6AC18EDB6A18BF89F7171A0615F909A2114CF64DD0385D0
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AA2C05
                                                                • DeleteFileW.KERNEL32(?), ref: 00AA2C87
                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00AA2C9D
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AA2CAE
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AA2CC0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: File$Delete$Copy
                                                                • String ID:
                                                                • API String ID: 3226157194-0
                                                                • Opcode ID: 1d3492bdbe544a4261eef391e39717f54ac0189898c4e138af10d7bc76e837af
                                                                • Instruction ID: 1d9629f00c70b1540246c52d38dea04893e35b13651a731c8975f753496ad196
                                                                • Opcode Fuzzy Hash: 1d3492bdbe544a4261eef391e39717f54ac0189898c4e138af10d7bc76e837af
                                                                • Instruction Fuzzy Hash: D5B16D71D00119ABDF25EFA8CD85EDEB7BDEF49350F1040A6FA09E7181EB319A548B60
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32 ref: 00ABA427
                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00ABA435
                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00ABA468
                                                                • CloseHandle.KERNEL32(?), ref: 00ABA63D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                • String ID:
                                                                • API String ID: 3488606520-0
                                                                • Opcode ID: 96870803bcbf6ef2de6142a0f2e8e1a36a3365dbbbcf6336fdf31f251460d7bb
                                                                • Instruction ID: 72a981571ff6ed04351bd06f39ed8c47971aeed39f0a9e270f5d114321bc4213
                                                                • Opcode Fuzzy Hash: 96870803bcbf6ef2de6142a0f2e8e1a36a3365dbbbcf6336fdf31f251460d7bb
                                                                • Instruction Fuzzy Hash: 75A1A175604300AFD720DF24C986F2AB7E5AF94714F14881DF69A9B392DB70EC41CB92
                                                                APIs
                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AD3700), ref: 00A6BB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B0121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A6BC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B01270,000000FF,?,0000003F,00000000,?), ref: 00A6BC36
                                                                • _free.LIBCMT ref: 00A6BB7F
                                                                  • Part of subcall function 00A629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000), ref: 00A629DE
                                                                  • Part of subcall function 00A629C8: GetLastError.KERNEL32(00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000,00000000), ref: 00A629F0
                                                                • _free.LIBCMT ref: 00A6BD4B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                • String ID:
                                                                • API String ID: 1286116820-0
                                                                • Opcode ID: 7c9b1eb07857f9c8d1f47826f935b429cc0c1b948a299f7cbba6b2400bf3d3cf
                                                                • Instruction ID: 326c907852f84f3aece0539876569a830186290b3dac7242bb2ee0047c84277d
                                                                • Opcode Fuzzy Hash: 7c9b1eb07857f9c8d1f47826f935b429cc0c1b948a299f7cbba6b2400bf3d3cf
                                                                • Instruction Fuzzy Hash: 39512A72910209EFCB14EF69DD819BEB7BCEF54760B10466AE514D72A1EB309E81CB70
                                                                APIs
                                                                  • Part of subcall function 00A9DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A9CF22,?), ref: 00A9DDFD
                                                                  • Part of subcall function 00A9DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A9CF22,?), ref: 00A9DE16
                                                                  • Part of subcall function 00A9E199: GetFileAttributesW.KERNEL32(?,00A9CF95), ref: 00A9E19A
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00A9E473
                                                                • MoveFileW.KERNEL32(?,?), ref: 00A9E4AC
                                                                • _wcslen.LIBCMT ref: 00A9E5EB
                                                                • _wcslen.LIBCMT ref: 00A9E603
                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A9E650
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                • String ID:
                                                                • API String ID: 3183298772-0
                                                                • Opcode ID: 22e2e386e2aa28e8aaa93b7429454246be75c87bcf554532eb2f6b5029c96eaa
                                                                • Instruction ID: b1bddb0f08931cd946bd1ffca22bf36811239fb0badc2bc2f04500e6429b61f0
                                                                • Opcode Fuzzy Hash: 22e2e386e2aa28e8aaa93b7429454246be75c87bcf554532eb2f6b5029c96eaa
                                                                • Instruction Fuzzy Hash: 3F5163B25083459BCB24EB90DD819DFB3ECAF84350F00491EF689D3192EF75A688C766
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00ABC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ABB6AE,?,?), ref: 00ABC9B5
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABC9F1
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA68
                                                                  • Part of subcall function 00ABC998: _wcslen.LIBCMT ref: 00ABCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ABBAA5
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00ABBB00
                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00ABBB63
                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00ABBBA6
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ABBBB3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                • String ID:
                                                                • API String ID: 826366716-0
                                                                • Opcode ID: 87f376e64fc093ad885fe8ed2f768affcecddf9bca85b89cd0d4cb8c23b0e9c2
                                                                • Instruction ID: ab5920ae00381872ec5ff120df2baee62d16abc218fa278888bb136a898c20c8
                                                                • Opcode Fuzzy Hash: 87f376e64fc093ad885fe8ed2f768affcecddf9bca85b89cd0d4cb8c23b0e9c2
                                                                • Instruction Fuzzy Hash: 6461A031218241EFD714DF14C890E6ABBE9FF84358F14895CF4998B2A2DB71ED45CBA2
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00A98BCD
                                                                • VariantClear.OLEAUT32 ref: 00A98C3E
                                                                • VariantClear.OLEAUT32 ref: 00A98C9D
                                                                • VariantClear.OLEAUT32(?), ref: 00A98D10
                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A98D3B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$Clear$ChangeInitType
                                                                • String ID:
                                                                • API String ID: 4136290138-0
                                                                • Opcode ID: 4af9ba1c117ae016301a119ec7dfddeaae8b36409bca2daba70c4d023b346c42
                                                                • Instruction ID: 08e6a251d9d13f97c0ef5c817b4e775d448cf4dfdacea55c0611bd0e32ad57fb
                                                                • Opcode Fuzzy Hash: 4af9ba1c117ae016301a119ec7dfddeaae8b36409bca2daba70c4d023b346c42
                                                                • Instruction Fuzzy Hash: 7F5156B5A00219EFCB14CF68C894EAAB7F8FF89310B158559E909DB350E734E912CB90
                                                                APIs
                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AA8BAE
                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00AA8BDA
                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AA8C32
                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AA8C57
                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AA8C5F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                • String ID:
                                                                • API String ID: 2832842796-0
                                                                • Opcode ID: 47bf7d957b8568d282ecc8c1bb340a36eb3262183e139fcd12e434258c71e6f6
                                                                • Instruction ID: 50ffe6ef30beaa1539ee11e0b56f9da549ffbd01584e8a2884ac7dc8e11193b1
                                                                • Opcode Fuzzy Hash: 47bf7d957b8568d282ecc8c1bb340a36eb3262183e139fcd12e434258c71e6f6
                                                                • Instruction Fuzzy Hash: 36513A75A002189FCB14DF65C981A6DBBF5FF49314F088458E84AAB3A2CB35ED51CF90
                                                                APIs
                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AB8F40
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00AB8FD0
                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00AB8FEC
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00AB9032
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00AB9052
                                                                  • Part of subcall function 00A4F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00AA1043,?,7735E610), ref: 00A4F6E6
                                                                  • Part of subcall function 00A4F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A8FA64,00000000,00000000,?,?,00AA1043,?,7735E610,?,00A8FA64), ref: 00A4F70D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                • String ID:
                                                                • API String ID: 666041331-0
                                                                • Opcode ID: 7a7452aa316e15b8c5887fcbb943ac88c95b783d08aad2731bcfb914c4cead7d
                                                                • Instruction ID: 4f62ed1c7eea04880da692cb31d8e548993797d7ee546383e01fad80e64844b7
                                                                • Opcode Fuzzy Hash: 7a7452aa316e15b8c5887fcbb943ac88c95b783d08aad2731bcfb914c4cead7d
                                                                • Instruction Fuzzy Hash: 35514C35604205DFCB10EF68C4848ADBBB5FF49324F098098E90A9B362DB31ED86CB91
                                                                APIs
                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00AC6C33
                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00AC6C4A
                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00AC6C73
                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00AAAB79,00000000,00000000), ref: 00AC6C98
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00AC6CC7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Long$MessageSendShow
                                                                • String ID:
                                                                • API String ID: 3688381893-0
                                                                • Opcode ID: 20e982a4c3e09169a9076d78eded46a7ac7903c8fb0bd7ad109a874122fe39dd
                                                                • Instruction ID: fa1883f47e9b25a92311de3326360299c3fddc105a9099b49a4494d73e4bcf34
                                                                • Opcode Fuzzy Hash: 20e982a4c3e09169a9076d78eded46a7ac7903c8fb0bd7ad109a874122fe39dd
                                                                • Instruction Fuzzy Hash: B741C435A08104AFDB24CF68CD58FA97BB5EB09360F16026CF999E72E1C771ED41DA90
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                • Opcode ID: aa4243dd16d1a7820a4e23186d88f5c508591f43e03d4c49d445990b57e6f7c6
                                                                • Instruction ID: 2504ceb1a4bd144f641a1be47e48e8b595fa8c76e9b836bf51954fe07e73d015
                                                                • Opcode Fuzzy Hash: aa4243dd16d1a7820a4e23186d88f5c508591f43e03d4c49d445990b57e6f7c6
                                                                • Instruction Fuzzy Hash: 2241E472A006049FCB24DFB8C981B6DB7F5EF89714F164569E915EB391DB31AD01CB80
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00A49141
                                                                • ScreenToClient.USER32(00000000,?), ref: 00A4915E
                                                                • GetAsyncKeyState.USER32(00000001), ref: 00A49183
                                                                • GetAsyncKeyState.USER32(00000002), ref: 00A4919D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AsyncState$ClientCursorScreen
                                                                • String ID:
                                                                • API String ID: 4210589936-0
                                                                • Opcode ID: b0c48250561b000f1429cff1aa18a21ec365fdc645680bedaeadfb2c9531eb7f
                                                                • Instruction ID: 6c90c2c33c8ae93ff73ad09b376f4e6ac914c3d0fb07d47f5bb8a093d5fabdec
                                                                • Opcode Fuzzy Hash: b0c48250561b000f1429cff1aa18a21ec365fdc645680bedaeadfb2c9531eb7f
                                                                • Instruction Fuzzy Hash: 9941403590851AFBDF15EF68C848BEEB774FB45320F204319E429A72E0C730A950CB51
                                                                APIs
                                                                • GetInputState.USER32 ref: 00AA38CB
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00AA3922
                                                                • TranslateMessage.USER32(?), ref: 00AA394B
                                                                • DispatchMessageW.USER32(?), ref: 00AA3955
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AA3966
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                • String ID:
                                                                • API String ID: 2256411358-0
                                                                • Opcode ID: 8893c57e600eac55c478eeb6974a4b86e4533cc950401479d3e28bf20a3178ef
                                                                • Instruction ID: 79749f0170cf4e76f664c0e960872b051bab1c8fece4f8baa8310dfa2d924f35
                                                                • Opcode Fuzzy Hash: 8893c57e600eac55c478eeb6974a4b86e4533cc950401479d3e28bf20a3178ef
                                                                • Instruction Fuzzy Hash: 19318472904345AFEF29CB749868BB737E8EB17304F04496DF466831E0E7B49A85CB11
                                                                APIs
                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00AACF38
                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 00AACF6F
                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,00AAC21E,00000000), ref: 00AACFB4
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00AAC21E,00000000), ref: 00AACFC8
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00AAC21E,00000000), ref: 00AACFF2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                • String ID:
                                                                • API String ID: 3191363074-0
                                                                • Opcode ID: cbf0ccd78197035dd3b46d62b9435a63e8b39ea55040875c04a84a8da95ff268
                                                                • Instruction ID: 87be0c86c514e0f23059e6a86411784a0f8f3051f37b6d89c94cffa2679a1018
                                                                • Opcode Fuzzy Hash: cbf0ccd78197035dd3b46d62b9435a63e8b39ea55040875c04a84a8da95ff268
                                                                • Instruction Fuzzy Hash: A8314B71904305EFEB20DFA5C984AAEBBF9EB15365B10442EF51AD7181DB30AE41DB60
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00A91915
                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 00A919C1
                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 00A919C9
                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 00A919DA
                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A919E2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePostSleep$RectWindow
                                                                • String ID:
                                                                • API String ID: 3382505437-0
                                                                • Opcode ID: a4eeceb508c78dc645560cc7ad5a34bda42b7e8633cdb38be6a77fa293afc625
                                                                • Instruction ID: f4f7b07740925f239eecf88554c3403357c156980b537ba5850d4b04d5d42739
                                                                • Opcode Fuzzy Hash: a4eeceb508c78dc645560cc7ad5a34bda42b7e8633cdb38be6a77fa293afc625
                                                                • Instruction Fuzzy Hash: D431C071A0021AEFDF00CFA8CD99ADE3BB5EB04325F104229F925AB2D1C7709D45CB90
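The function blocks above are raw call listings; what a responder wants from them is a behaviour verdict per function, and the interesting evidence is often in the argument values rather than the API names. The script below is an added example written for this page (my code, not Joe Sandbox's and not part of the analysed sample) that parses lines in the shape of the "APIs" entries above and tags four of the patterns they show: the LoadLibraryW/GetProcAddress resolver at 00AB8F40, the GetAsyncKeyState(1)/(2) button poll at 00A49141, the RegConnectRegistryW/RegEnumKeyExW walk (RegConnectRegistryW accepts a remote machine name) and the faked click at 00A919C1, where WM_LBUTTONDOWN (0x0201) and WM_LBUTTONUP (0x0202) are posted with a Sleep between them. The WM_* and VK_* values are the documented Windows constants; the tag names, the rules and the embedded sample listing are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Documented Windows constants (not assumptions): messages posted to fake a
# left click, and the virtual-key codes GetAsyncKeyState is given for buttons.
WM_LBUTTONDOWN, WM_LBUTTONUP = 0x0201, 0x0202
VK_LBUTTON, VK_RBUTTON = 0x01, 0x02

# One "• Api.MODULE(args), ref: ADDR" line as printed in the report; "(args)"
# is absent on some entries and nested calls carry a "Part of subcall" prefix.
_CALL_RE = re.compile(
    r"^•\s+(?:Part of subcall function [0-9A-Fa-f]+:\s+)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class Call:
    api: str
    module: str
    args: List[Optional[int]]  # None where the sandbox printed '?'
    ref: str                   # call-site address as printed


def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    if tok in ("", "?"):
        return None            # unresolved at analysis time: unknown, not zero
    return -int(tok[1:], 16) if tok.startswith("-") else int(tok, 16)


def parse_functions(text: str) -> List[List[Call]]:
    """Split an 'APIs' listing into one call list per function block."""
    functions: List[List[Call]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            functions.append([])
            continue
        m = _CALL_RE.match(line)
        if not m or not functions:
            continue           # dump-source / similarity metadata: not a call
        args_txt = m.group("args")
        args = [_parse_arg(a) for a in args_txt.split(",")] if args_txt else []
        functions[-1].append(Call(m.group("api"), m.group("mod"), args, m.group("ref")))
    return functions


def _messages(calls: List[Call]) -> set:
    """uMsg (second argument) of every Send/PostMessage call in the block."""
    senders = {"PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA"}
    return {c.args[1] for c in calls if c.api in senders and len(c.args) > 1}


def has_dynamic_api_resolution(calls: List[Call]) -> bool:
    names = {c.api for c in calls}
    return (bool(names & {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"})
            and "GetProcAddress" in names)


def has_synthetic_mouse_click(calls: List[Call]) -> bool:
    # Down and up posted from the same function is a faked click; a lone
    # PostMessageW is ordinary GUI plumbing and must not fire this rule.
    return {WM_LBUTTONDOWN, WM_LBUTTONUP} <= _messages(calls)


def polls_mouse_buttons(calls: List[Call]) -> bool:
    keys = {c.args[0] for c in calls if c.api == "GetAsyncKeyState" and c.args}
    return bool(keys & {VK_LBUTTON, VK_RBUTTON})


def enumerates_registry(calls: List[Call]) -> bool:
    names = {c.api for c in calls}
    return "RegConnectRegistryW" in names and "RegEnumKeyExW" in names


# Tag names are this example's own labels, not Joe Sandbox signature names.
RULES: List[Tuple[str, Callable[[List[Call]], bool]]] = [
    ("dynamic-api-resolution", has_dynamic_api_resolution),
    ("synthetic-mouse-click", has_synthetic_mouse_click),
    ("mouse-button-polling", polls_mouse_buttons),
    ("registry-enumeration", enumerates_registry),
]


def triage(text: str) -> Dict[str, List[str]]:
    """Label each function by its first call site and list the rules it matches."""
    report: Dict[str, List[str]] = {}
    for calls in parse_functions(text):
        if calls:
            report[f"fn@{calls[0].ref}"] = [tag for tag, rule in RULES if rule(calls)]
    return report


# Constructed input: API lines re-typed from four of the blocks on this page.
SAMPLE_LISTING = """\
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AB8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00AB8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00AB8FEC
• FreeLibrary.KERNEL32(00000000), ref: 00AB9052
APIs
• GetCursorPos.USER32(?), ref: 00A49141
• ScreenToClient.USER32(00000000,?), ref: 00A4915E
• GetAsyncKeyState.USER32(00000001), ref: 00A49183
• GetAsyncKeyState.USER32(00000002), ref: 00A4919D
APIs
• GetWindowRect.USER32(?,?), ref: 00A91915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00A919C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 00A919C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00A919DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A919E2
APIs
• VariantInit.OLEAUT32(?), ref: 00A98BCD
• VariantClear.OLEAUT32 ref: 00A98C3E
"""

if __name__ == "__main__":
    for fn, tags in triage(SAMPLE_LISTING).items():
        print(fn, ", ".join(tags) or "-")
```

Two choices matter when reusing this on a full report. A `?` argument is kept as unknown rather than coerced to zero, so a rule never fires on a value the sandbox did not actually resolve; and the click rule keys on the 0x0201/0x0202 pair rather than on PostMessageW itself, which keeps ordinary window-management code such as the SetWindowLongW/SendMessageW block above from being tagged as input simulation.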
                                                                APIs
                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00AC5745
                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00AC579D
                                                                • _wcslen.LIBCMT ref: 00AC57AF
                                                                • _wcslen.LIBCMT ref: 00AC57BA
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AC5816
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen
                                                                • String ID:
                                                                • API String ID: 763830540-0
                                                                • Opcode ID: 18c24ad6ecca93a6bc60a70181b06529d1fde5ca8206959115101006f7a3373d
                                                                • Instruction ID: 354c120857d3f2a003d802d5e451cb946ae5bc17c551c7f76ebd437751dff53b
                                                                • Opcode Fuzzy Hash: 18c24ad6ecca93a6bc60a70181b06529d1fde5ca8206959115101006f7a3373d
                                                                • Instruction Fuzzy Hash: 3D218D31D046189ADB208FB4CD85FEE7BB8FF04324F11865AF929AA180D774AAC5CF50
                                                                APIs
                                                                • IsWindow.USER32(00000000), ref: 00AB0951
                                                                • GetForegroundWindow.USER32 ref: 00AB0968
                                                                • GetDC.USER32(00000000), ref: 00AB09A4
                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00AB09B0
                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00AB09E8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ForegroundPixelRelease
                                                                • String ID:
                                                                • API String ID: 4156661090-0
                                                                • Opcode ID: 6ff5744200746dc17f3c20c0254ea44276b2344acacccb421da8398c03e217ca
                                                                • Instruction ID: 0d13cea10d7d829ed54bb71a28c532a34f9284289fefeb9e9efc5800274afe92
                                                                • Opcode Fuzzy Hash: 6ff5744200746dc17f3c20c0254ea44276b2344acacccb421da8398c03e217ca
                                                                • Instruction Fuzzy Hash: A5219335600204AFD714EFA9C984EAEBBF9EF49750F058068F85AD7752CB30AC05CB50
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00A6CDC6
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A6CDE9
                                                                  • Part of subcall function 00A63820: RtlAllocateHeap.NTDLL(00000000,?,00B01444,?,00A4FDF5,?,?,00A3A976,00000010,00B01440,00A313FC,?,00A313C6,?,00A31129), ref: 00A63852
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A6CE0F
                                                                • _free.LIBCMT ref: 00A6CE22
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A6CE31
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                • String ID:
                                                                • API String ID: 336800556-0
                                                                • Opcode ID: 22fc4b0ee4cbacc9ad60e63a19bd7a56f8827da127df625858122e1543865436
                                                                • Instruction ID: 93e9f47f67a0b464a24db314b6ffcb66637dbc0540c1a7b72ce3bb1c7d33b8af
                                                                • Opcode Fuzzy Hash: 22fc4b0ee4cbacc9ad60e63a19bd7a56f8827da127df625858122e1543865436
                                                                • Instruction Fuzzy Hash: 2101F772A026157FA32157B66C8CD7F797DDEC6FB13150129FD09D7200EA6A8D0281F0
                                                                APIs
                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A49693
                                                                • SelectObject.GDI32(?,00000000), ref: 00A496A2
                                                                • BeginPath.GDI32(?), ref: 00A496B9
                                                                • SelectObject.GDI32(?,00000000), ref: 00A496E2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                • Opcode ID: 0025b138c3118aba75a8578ad02ae48cfb8a5ba5f1687488cc0aa4a8d86e417a
                                                                • Instruction ID: bf4ad930928c04c1d75f30f52aff019842eab5d704580113ed7731a6307a5c66
                                                                • Opcode Fuzzy Hash: 0025b138c3118aba75a8578ad02ae48cfb8a5ba5f1687488cc0aa4a8d86e417a
                                                                • Instruction Fuzzy Hash: 05218034802305EFDB15DF69EC08BAB7BB8BBA0325F114616F414A71B0D77098A3CBA0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                • Opcode ID: 141041a7ca9aa1801ed2dafb89b68ba925bb6624c714d07bebf8e142a3bd995d
                                                                • Instruction ID: 565e70d874c41d3e83829a34513c995427b21f907437c030b935853600d9ebed
                                                                • Opcode Fuzzy Hash: 141041a7ca9aa1801ed2dafb89b68ba925bb6624c714d07bebf8e142a3bd995d
                                                                • Instruction Fuzzy Hash: 010196B1B45605BE9A0956609E93FBA639DAB213A5B004825FD04AE241FB70EE1483A1
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 00A498CC
                                                                • SetTextColor.GDI32(?,?), ref: 00A498D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 00A498E9
                                                                • GetStockObject.GDI32(00000005), ref: 00A498F1
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00A49952
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$LongModeObjectStockTextWindow
                                                                • String ID:
                                                                • API String ID: 1860813098-0
                                                                • Opcode ID: 18ef36530a386955c1f91366c5c78f1ceecf97fb1fd972935b6b05ddbfe57f27
                                                                • Instruction ID: ab2e71cb32f0820e8c5d48c305822b78d1f70440a03157e1890a8728b78f238f
                                                                • Opcode Fuzzy Hash: 18ef36530a386955c1f91366c5c78f1ceecf97fb1fd972935b6b05ddbfe57f27
                                                                • Instruction Fuzzy Hash: 611132361462409FDB128F65EC55EEB3B20AF92325B190159F9829B1B3CB324913CB50
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00A5F2DE,00A63863,00B01444,?,00A4FDF5,?,?,00A3A976,00000010,00B01440,00A313FC,?,00A313C6), ref: 00A62DFD
                                                                • _free.LIBCMT ref: 00A62E32
                                                                • _free.LIBCMT ref: 00A62E59
                                                                • SetLastError.KERNEL32(00000000,00A31129), ref: 00A62E66
                                                                • SetLastError.KERNEL32(00000000,00A31129), ref: 00A62E6F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$_free
                                                                • String ID:
                                                                • API String ID: 3170660625-0
                                                                • Opcode ID: 737c068671ffcacc3418c3576a29b90a4f1ccd31470b4929c61ae93e28aeecaf
                                                                • Instruction ID: ff5f0efadc145767f9c2272ea531b3867e0084caa7be4cc594aad47f032974f8
                                                                • Opcode Fuzzy Hash: 737c068671ffcacc3418c3576a29b90a4f1ccd31470b4929c61ae93e28aeecaf
                                                                • Instruction Fuzzy Hash: 5101F936645E0067C71267B56E45F2B1D7DABD13B1B250134F425922D2EB258C024320
                                                                APIs
                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?,?,00A9035E), ref: 00A9002B
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?), ref: 00A90046
                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?), ref: 00A90054
                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?), ref: 00A90064
                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A8FF41,80070057,?,?), ref: 00A90070
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                • String ID:
                                                                • API String ID: 3897988419-0
                                                                • Opcode ID: 310b92ca0d0c19a49323ea5e3430ae78aea0e50ac8ba42c3ed42a6b129270cb5
                                                                • Instruction ID: fe934fe27d5d036e9d02b79932ef340c823bcd43968f1eed9a45b37a5bde9199
                                                                • Opcode Fuzzy Hash: 310b92ca0d0c19a49323ea5e3430ae78aea0e50ac8ba42c3ed42a6b129270cb5
                                                                • Instruction Fuzzy Hash: 3C018B72700204BFDF108FA8DC04FAA7AEDEB447A2F154124F909D6210EB71DD418BA0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00A9E997
                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00A9E9A5
                                                                • Sleep.KERNEL32(00000000), ref: 00A9E9AD
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00A9E9B7
                                                                • Sleep.KERNEL32 ref: 00A9E9F3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                • String ID:
                                                                • API String ID: 2833360925-0
                                                                • Opcode ID: 325dd7292320362c224757b0be58dbfc18ec41062eb9b1eb78290d33f9b9fd1c
                                                                • Instruction ID: bf5d89c6f69b1b9c2eeb4145712041032bcf955a7f2468c996d98eccc5f489c8
                                                                • Opcode Fuzzy Hash: 325dd7292320362c224757b0be58dbfc18ec41062eb9b1eb78290d33f9b9fd1c
                                                                • Instruction Fuzzy Hash: 34015B31D01539DBCF00EBE5DC59ADDFBB8FB08310F050646E506B2142CB30995287A1
                                                                APIs
                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A91114
                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A91120
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A9112F
                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A90B9B,?,?,?), ref: 00A91136
                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A9114D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 842720411-0
                                                                • Opcode ID: cefdb16f3f6a2bccfdeb0176752f5348dceca84d51b437407cb1b4f667bfcc80
                                                                • Instruction ID: a64f8703cc3ce30d1f9b76fafafa7e5d8f63f457f75bb0aa5756deecde08d159
                                                                • Opcode Fuzzy Hash: cefdb16f3f6a2bccfdeb0176752f5348dceca84d51b437407cb1b4f667bfcc80
                                                                • Instruction Fuzzy Hash: 0B016979200205BFDB118FA5DC4DE6A3BAEEF893A4B250418FA49C7360DB31DC028A60
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A90FCA
                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A90FD6
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A90FE5
                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A90FEC
                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A91002
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                • Opcode ID: 768aa6648e7d33c113dd02b325685f504bc506b66b8a2ab578ff824d31e57fcc
                                                                • Instruction ID: af7bb7f20eccb6eb8e5b82488723234150d2b2913c2befa77186bffdd019fb25
                                                                • Opcode Fuzzy Hash: 768aa6648e7d33c113dd02b325685f504bc506b66b8a2ab578ff824d31e57fcc
                                                                • Instruction Fuzzy Hash: 19F04939200312EBDB218FA5AC49F563BADFF89762F164424FA4AC6251CA71DC42CA60
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A9102A
                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A91036
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A91045
                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A9104C
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A91062
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,?,?,?,00AA017D,?,00AA32FC,?,00000001,00A72592,?), ref: 00AA0324
                                                                • CloseHandle.KERNEL32(?,?,?,?,00AA017D,?,00AA32FC,?,00000001,00A72592,?), ref: 00AA0331
                                                                • CloseHandle.KERNEL32(?,?,?,?,00AA017D,?,00AA32FC,?,00000001,00A72592,?), ref: 00AA033E
                                                                • CloseHandle.KERNEL32(?,?,?,?,00AA017D,?,00AA32FC,?,00000001,00A72592,?), ref: 00AA034B
                                                                • CloseHandle.KERNEL32(?,?,?,?,00AA017D,?,00AA32FC,?,00000001,00A72592,?), ref: 00AA0358
                                                                • CloseHandle.KERNEL32(?,?,?,?,00AA017D,?,00AA32FC,?,00000001,00A72592,?), ref: 00AA0365
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                APIs
                                                                • _free.LIBCMT ref: 00A6D752
                                                                  • Part of subcall function 00A629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000), ref: 00A629DE
                                                                  • Part of subcall function 00A629C8: GetLastError.KERNEL32(00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000,00000000), ref: 00A629F0
                                                                • _free.LIBCMT ref: 00A6D764
                                                                • _free.LIBCMT ref: 00A6D776
                                                                • _free.LIBCMT ref: 00A6D788
                                                                • _free.LIBCMT ref: 00A6D79A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00A95C58
                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00A95C6F
                                                                • MessageBeep.USER32(00000000), ref: 00A95C87
                                                                • KillTimer.USER32(?,0000040A), ref: 00A95CA3
                                                                • EndDialog.USER32(?,00000001), ref: 00A95CBD
                                                                Similarity
                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                • String ID:
                                                                • API String ID: 3741023627-0
                                                                APIs
                                                                • _free.LIBCMT ref: 00A622BE
                                                                  • Part of subcall function 00A629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000), ref: 00A629DE
                                                                  • Part of subcall function 00A629C8: GetLastError.KERNEL32(00000000,?,00A6D7D1,00000000,00000000,00000000,00000000,?,00A6D7F8,00000000,00000007,00000000,?,00A6DBF5,00000000,00000000), ref: 00A629F0
                                                                • _free.LIBCMT ref: 00A622D0
                                                                • _free.LIBCMT ref: 00A622E3
                                                                • _free.LIBCMT ref: 00A622F4
                                                                • _free.LIBCMT ref: 00A62305
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • EndPath.GDI32(?), ref: 00A495D4
                                                                • StrokeAndFillPath.GDI32(?,?,00A871F7,00000000,?,?,?), ref: 00A495F0
                                                                • SelectObject.GDI32(?,00000000), ref: 00A49603
                                                                • DeleteObject.GDI32 ref: 00A49616
                                                                • StrokePath.GDI32(?), ref: 00A49631
                                                                Similarity
                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                • String ID:
                                                                • API String ID: 2625713937-0
                                                                Similarity
                                                                • API ID: __freea$_free
                                                                • String ID: a/p$am/pm
                                                                • API String ID: 3432400110-3206640213
                                                                APIs
                                                                  • Part of subcall function 00A50242: EnterCriticalSection.KERNEL32(00B0070C,00B01884,?,?,00A4198B,00B02518,?,?,?,00A312F9,00000000), ref: 00A5024D
                                                                  • Part of subcall function 00A50242: LeaveCriticalSection.KERNEL32(00B0070C,?,00A4198B,00B02518,?,?,?,00A312F9,00000000), ref: 00A5028A
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A500A3: __onexit.LIBCMT ref: 00A500A9
                                                                • __Init_thread_footer.LIBCMT ref: 00AB7BFB
                                                                  • Part of subcall function 00A501F8: EnterCriticalSection.KERNEL32(00B0070C,?,?,00A48747,00B02514), ref: 00A50202
                                                                  • Part of subcall function 00A501F8: LeaveCriticalSection.KERNEL32(00B0070C,?,00A48747,00B02514), ref: 00A50235
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                • API String ID: 535116098-3733170431
                                                                APIs
                                                                  • Part of subcall function 00A9B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A921D0,?,?,00000034,00000800,?,00000034), ref: 00A9B42D
                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A92760
                                                                  • Part of subcall function 00A9B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00A9B3F8
                                                                  • Part of subcall function 00A9B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00A9B355
                                                                  • Part of subcall function 00A9B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A92194,00000034,?,?,00001004,00000000,00000000), ref: 00A9B365
                                                                  • Part of subcall function 00A9B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A92194,00000034,?,?,00001004,00000000,00000000), ref: 00A9B37B
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A927CD
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A9281A
                                                                Similarity
                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                • String ID: @
                                                                • API String ID: 4150878124-2766056989
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00A61769
                                                                • _free.LIBCMT ref: 00A61834
                                                                • _free.LIBCMT ref: 00A6183E
                                                                Similarity
                                                                • API ID: _free$FileModuleName
                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                • API String ID: 2506810119-3587028468
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A9C306
                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 00A9C34C
                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B01990,01066648), ref: 00A9C395
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 13d247ca316afba7f8ff2ff579a5640e97efebfeec7b4439cc68cb5b49e59ea9
• Instruction ID: 923dba3aeaf8f47d9080e84273c144777c0c9e0626d0da48d50dc5150070af17
• Opcode Fuzzy Hash: 13d247ca316afba7f8ff2ff579a5640e97efebfeec7b4439cc68cb5b49e59ea9
• Instruction Fuzzy Hash: FC41BE712447019FDB20DF28D884B5BBBE8AF89320F108A1DF8A59B2D1D770E904CB62
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00ACCC08,00000000,?,?,?,?), ref: 00AC44AA
• GetWindowLongW.USER32 ref: 00AC44C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AC44D7
Strings
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: e1818ae691cbb0cd14a79067965b5c87d2bcb35f170e7fed9a3d746856508f18
• Instruction ID: f718c50cf4f72da90dd1db89bc21a1858a632434bf5cc1fef7d945c58af94051
• Opcode Fuzzy Hash: e1818ae691cbb0cd14a79067965b5c87d2bcb35f170e7fed9a3d746856508f18
• Instruction Fuzzy Hash: 5E31AB31210609AFDB248F78DD45FEA7BA9EB48334F228719F979921E0DB70EC519B50
APIs
  • Part of subcall function 00AB335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00AB3077,?,?), ref: 00AB3378
• inet_addr.WSOCK32(?), ref: 00AB307A
• _wcslen.LIBCMT ref: 00AB309B
• htons.WSOCK32(00000000), ref: 00AB3106
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 2974e1c53af392b93547a7fd5271dbbdb65390cd944814b9e8d21e70b62db7b9
• Instruction ID: ce245f57f195c7899247e0ca3b8805b7701853ab8d3d053b918349e131918e82
• Opcode Fuzzy Hash: 2974e1c53af392b93547a7fd5271dbbdb65390cd944814b9e8d21e70b62db7b9
• Instruction Fuzzy Hash: D131E13A6002019FCF10DF68D985EAA77F8EF14318F248159E9158B393DB72EE45CB60
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00AC3F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00AC3F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00AC3F78
Strings
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: 0c2570df6e227a4428db97fe1a1d17e7d1a71f05152e4ed5d4af1c1802b677ff
• Instruction ID: 52676cc5453a3ce88900b4bc84193d13a5268fc5d9653a886db41526fa3f163c
• Opcode Fuzzy Hash: 0c2570df6e227a4428db97fe1a1d17e7d1a71f05152e4ed5d4af1c1802b677ff
• Instruction Fuzzy Hash: 5F21BF33600219BFDF15CF94CC46FEA3BB9EF48724F124218FA156B1D0D6B5A9508B90
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00AC4705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00AC4713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00AC471A
Strings
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 8c5a52b22112f4a2e37097f63b5c0106dbb793f132205bc1b29e6fc8790ca535
• Instruction ID: d0eaab7669f790e1451602cd05e00677797458badf507447c9419f602906ccc8
• Opcode Fuzzy Hash: 8c5a52b22112f4a2e37097f63b5c0106dbb793f132205bc1b29e6fc8790ca535
• Instruction Fuzzy Hash: 092160B5600208AFEB10DF68DCD1EB737ADEB5A3A4B050459FA049B351DB30EC52CB60
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: a13e743b30f71ae6a22812b8d1f1fb6db6b3fbd646388d11c269c6fd55c86ca2
• Instruction ID: 0e82d3b1573a277e4e2c3ae50035ee09d6ee8bc25fe2f168880c55b6a529a475
• Opcode Fuzzy Hash: a13e743b30f71ae6a22812b8d1f1fb6db6b3fbd646388d11c269c6fd55c86ca2
• Instruction Fuzzy Hash: CF213872304510BAEB31AB2C9D03FBBB3E8AF91310F11442EFE49A7041EB65AD49C2D5
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00AC3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00AC3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00AC3876
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 2327177bd5c86118211f2e1d6d53fbfd2c4971b050bc6c0ab591a5dee8776df9
• Instruction ID: e5440b9a44a295ef6e1db89696c81e753429c45bf0b33762e1acd1cd95cffa8d
• Opcode Fuzzy Hash: 2327177bd5c86118211f2e1d6d53fbfd2c4971b050bc6c0ab591a5dee8776df9
• Instruction Fuzzy Hash: 80217F72610218BBEF11DF94DC85FBB376AEF89760F12C118F9159B190CA759C5287A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00AA4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00AA4A5C
• SetErrorMode.KERNEL32(00000000,?,?,00ACCC08), ref: 00AA4AD0
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 69b797c2a69085ba6676d0903867384e07a00119b852c66c1a481620a8ade9fd
• Instruction ID: 83087ae0321a17be64c4b6dbe49eb92a7defc6ccf1de3a4260cbe15e759aa33a
• Opcode Fuzzy Hash: 69b797c2a69085ba6676d0903867384e07a00119b852c66c1a481620a8ade9fd
• Instruction Fuzzy Hash: 5C317175A00108AFDB10DF94C985EAA7BF8EF49318F1480A9F909DB252D771ED46CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00AC424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00AC4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00AC4271
Strings
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 824890d112250e49ff4b254daf7d206bf0a9917b56b261a8345642957186718f
• Instruction ID: c7eb44d4e6b5bf1bf9f377387eda2b89c81b72b66754c12a05b98ebbd971091c
• Opcode Fuzzy Hash: 824890d112250e49ff4b254daf7d206bf0a9917b56b261a8345642957186718f
• Instruction Fuzzy Hash: 82110631240208BEEF205F68CC06FEB3BACEF99B64F024518FA55E2090D671DC519B14
APIs
  • Part of subcall function 00A36B57: _wcslen.LIBCMT ref: 00A36B6A
  • Part of subcall function 00A92DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A92DC5
  • Part of subcall function 00A92DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A92DD6
  • Part of subcall function 00A92DA7: GetCurrentThreadId.KERNEL32 ref: 00A92DDD
  • Part of subcall function 00A92DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A92DE4
• GetFocus.USER32 ref: 00A92F78
  • Part of subcall function 00A92DEE: GetParent.USER32(00000000), ref: 00A92DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00A92FC3
• EnumChildWindows.USER32(?,00A9303B), ref: 00A92FEB
Strings
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 249769d1ebd2c0ee0528e66c0a8bc7eadadfe4923eb658830027b5bf117ad4e5
• Instruction ID: 859c17253886d5f8ece41d46be08d638b2049bf843fe05815af56d3e3020cc69
• Opcode Fuzzy Hash: 249769d1ebd2c0ee0528e66c0a8bc7eadadfe4923eb658830027b5bf117ad4e5
• Instruction Fuzzy Hash: 3E11B4717002057BCF14BFB08D89FED77AAAF84314F048075FA099B252DE309A468B60
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AC58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AC58EE
• DrawMenuBar.USER32(?), ref: 00AC58FD
Strings
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: a4c1ba3a8b0c5318a3055a7ff93e7df2f229d1ce33f7718fb6769fe45078d390
• Instruction ID: 11a71a4f60bda5f5487884890232617ff401a49736cbeb14a17f28eafe4e87e4
• Opcode Fuzzy Hash: a4c1ba3a8b0c5318a3055a7ff93e7df2f229d1ce33f7718fb6769fe45078d390
• Instruction Fuzzy Hash: 63018B31900218EEDB209F61DC45FAEBBB8FB85361F008099F848D6151DB309A81DF20
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A8D3BF
• FreeLibrary.KERNEL32 ref: 00A8D3E5
Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                • API String ID: 3013587201-2590602151
                                                                • Opcode ID: 3028696f9b4bace98d81978fd99d42d1060ec853207447401ddb716d90097047
                                                                • Instruction ID: 506280d00c9c25be97e728fd58c0cda6f04656c102d8e37b4b542de66f8ab1f1
                                                                • Opcode Fuzzy Hash: 3028696f9b4bace98d81978fd99d42d1060ec853207447401ddb716d90097047
                                                                • Instruction Fuzzy Hash: 3DF05536801621BBC33273104C14EA9B334EF00B01B5A8658F806EA1C4EB20CD418382
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cda342615173d2454b0161ca2151f578a6206e61966c8a27a961a4690513daa2
                                                                • Instruction ID: 0aa773fdaaa8c1919182a968691fdd2e3f9aaab567556bdaad5ef5ee86eaf4b1
                                                                • Opcode Fuzzy Hash: cda342615173d2454b0161ca2151f578a6206e61966c8a27a961a4690513daa2
                                                                • Instruction Fuzzy Hash: 68C14875A0021AAFCB14CFA8C898EAEB7F5FF48744F218598E905EB251D731ED41DB90
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: __alldvrm$_strrchr
                                                                • String ID:
                                                                • API String ID: 1036877536-0
                                                                • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                • Instruction ID: bfac8d70ae33fa63f554a16c7b0741bfb54e7b415460bf49d02ae9e845587811
                                                                • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                • Instruction Fuzzy Hash: C6A17E72E003569FEB25CF18C8917AEBFF4EF6A350F15426DE5559B282C2388D82C750
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                • String ID:
                                                                • API String ID: 1998397398-0
                                                                • Opcode ID: d0be83d13c4c490d67e97b12c2680c2f0a9d74c2ebea2da57afbe6dc6c7b10e1
                                                                • Instruction ID: dc7eb835262ca73a64482a85fbdce09a4da6d6afb6ac7be709c5c950c6d9d707
                                                                • Opcode Fuzzy Hash: d0be83d13c4c490d67e97b12c2680c2f0a9d74c2ebea2da57afbe6dc6c7b10e1
                                                                • Instruction Fuzzy Hash: 36A16D766043009FCB14DF29C595A6EB7E9FF88714F048959F98A9B362DB30EE01CB91
                                                                APIs
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00ACFC08,?), ref: 00A905F0
                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00ACFC08,?), ref: 00A90608
                                                                • CLSIDFromProgID.OLE32(?,?,00000000,00ACCC40,000000FF,?,00000000,00000800,00000000,?,00ACFC08,?), ref: 00A9062D
                                                                • _memcmp.LIBVCRUNTIME ref: 00A9064E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FromProg$FreeTask_memcmp
                                                                • String ID:
                                                                • API String ID: 314563124-0
                                                                • Opcode ID: 19163008b7ab3c0e3547a25e8015e046cee6af0123ef336170702edc9ad99b3c
                                                                • Instruction ID: 48a2acfc4735d566e5ea5af706ac8112a2208a8e351b9095bca51f9121d859b0
                                                                • Opcode Fuzzy Hash: 19163008b7ab3c0e3547a25e8015e046cee6af0123ef336170702edc9ad99b3c
                                                                • Instruction Fuzzy Hash: A081D675A00109AFCF04DF98C984EEEB7B9FF89355F208558E516AB250DB71AE06CB60
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00ABA6AC
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00ABA6BA
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00ABA79C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00ABA7AB
                                                                  • Part of subcall function 00A4CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A73303,?), ref: 00A4CE8A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                • String ID:
                                                                • API String ID: 1991900642-0
                                                                • Opcode ID: 0f38ccbd9e1d2558db5fda898721eace64c987d13bcdd3b46ea748a63ee7aed5
                                                                • Instruction ID: 86a256b0c6708af4b1a77678dda7e2a17f3dc02c3d933410dc87dcdc05bc4b82
                                                                • Opcode Fuzzy Hash: 0f38ccbd9e1d2558db5fda898721eace64c987d13bcdd3b46ea748a63ee7aed5
                                                                • Instruction Fuzzy Hash: 39517D75508300AFD710EF64C986E6BBBE8FF89754F00891DF58A97252EB70D904CB92
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                • Opcode ID: c5ea65f4c20a47f9c95eecd352824a508bbd60fea2efffc7affe79efeaa491a3
                                                                • Instruction ID: efc86c980f91208037da9d198ecce37fde6733e6e4b0105a5ccab6517b19eff2
                                                                • Opcode Fuzzy Hash: c5ea65f4c20a47f9c95eecd352824a508bbd60fea2efffc7affe79efeaa491a3
                                                                • Instruction Fuzzy Hash: 4E415DB6A00600ABDB256BFD8D46ABE3AF5FF41770F14C625F81ED7292E63488425361
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00AC62E2
                                                                • ScreenToClient.USER32(?,?), ref: 00AC6315
                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00AC6382
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ClientMoveRectScreen
                                                                • String ID:
                                                                • API String ID: 3880355969-0
                                                                • Opcode ID: 023d86156b7d697f78b573a51246e5342b9f22969e9877d6c46cef8d3e40fa1d
                                                                • Instruction ID: 7c19342b4f75e8e24346ef909788c43039f194a4db1c32a14102caed4f9f0082
                                                                • Opcode Fuzzy Hash: 023d86156b7d697f78b573a51246e5342b9f22969e9877d6c46cef8d3e40fa1d
                                                                • Instruction Fuzzy Hash: 23511874A00649EFCB14DF68D980EAE7BB5FB95360F11856DF8259B2A0D730AD81CB50
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00AB1AFD (AF_INET, SOCK_DGRAM, IPPROTO_UDP: a UDP socket)
                                                                • WSAGetLastError.WSOCK32 ref: 00AB1B0B
                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00AB1B8A (import by ordinal; WSOCK32 ordinal 21 is setsockopt, and the arguments match level SOL_SOCKET (0xFFFF), option SO_BROADCAST (0x20), optlen 4)
                                                                • WSAGetLastError.WSOCK32 ref: 00AB1B94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$socket
                                                                • String ID:
                                                                • API String ID: 1881357543-0
                                                                • Opcode ID: c91809e44c6acb49f91ef3ec4f1f70d29a39e4965ec1d234370c21c6d4fb44cb
                                                                • Instruction ID: ed61c4da37f03dbd109c01ab58a15b7a8879b46a9fb30ca2a616aeb978e613f2
                                                                • Opcode Fuzzy Hash: c91809e44c6acb49f91ef3ec4f1f70d29a39e4965ec1d234370c21c6d4fb44cb
                                                                • Instruction Fuzzy Hash: E741BF78600200AFE720AF24C986F6A77E5AB44718F548448FA1A9F3D3D772ED428B90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc7c4cc19b2ce528714b3d8ff5f476000234fbb02da0ef15a2637486cc85c1f9
                                                                • Instruction ID: ac9bedb4699f9d8d8ab72fc1161b5ac6f48000497992d1f6569acafb218c755d
                                                                • Opcode Fuzzy Hash: bc7c4cc19b2ce528714b3d8ff5f476000234fbb02da0ef15a2637486cc85c1f9
                                                                • Instruction Fuzzy Hash: 63415B71A10314BFD724AF38CD45BAEBBF9EB84710F10852EF556DB281D771998187A0
                                                                APIs
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00AA5783
                                                                • GetLastError.KERNEL32(?,00000000), ref: 00AA57A9
                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00AA57CE
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00AA57FA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                • String ID:
                                                                • API String ID: 3321077145-0
                                                                • Opcode ID: 163e93431781c45f0e6d8d2dbb2ed9f8d6866ceae7ff01f7af55d64286fcfbab
                                                                • Instruction ID: e9d8b82360df7e45dcfb13ba4ba27e6d44e352db618a041c9dd2b40e01a27d3a
                                                                • Opcode Fuzzy Hash: 163e93431781c45f0e6d8d2dbb2ed9f8d6866ceae7ff01f7af55d64286fcfbab
                                                                • Instruction Fuzzy Hash: 7D412D3A600610DFCB25EF55C544A5DBBE2EF49720F198888F84A6B362CB34FD01CB91
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00A56D71,00000000,00000000,00A582D9,?,00A582D9,?,00000001,00A56D71,8BE85006,00000001,00A582D9,00A582D9), ref: 00A6D910
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A6D999
                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A6D9AB
                                                                • __freea.LIBCMT ref: 00A6D9B4
                                                                  • Part of subcall function 00A63820: RtlAllocateHeap.NTDLL(00000000,?,00B01444,?,00A4FDF5,?,?,00A3A976,00000010,00B01440,00A313FC,?,00A313C6,?,00A31129), ref: 00A63852
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                • String ID:
                                                                • API String ID: 2652629310-0
                                                                • Opcode ID: 24948018812c460a8329e98f926b392e629979ba6c3284a85aa4f6ffbdd57f73
                                                                • Instruction ID: 648a7d7652c799e42f718b86e9c8cfc8f4d3377c4f7a3cefdbb3eea6a6bc9ef7
                                                                • Opcode Fuzzy Hash: 24948018812c460a8329e98f926b392e629979ba6c3284a85aa4f6ffbdd57f73
                                                                • Instruction Fuzzy Hash: CB31BC72A0020AABDF25DFA5DC45EAF7BB5EB41750B054268FC08DB250EB35CD55CBA0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00AC5352
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AC5375
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AC5382
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AC53A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                • String ID:
                                                                • API String ID: 3340791633-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?,76C1C0D0,?,00008000), ref: 00A9ABF1
                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 00A9AC0D
                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 00A9AC74
                                                                • SendInput.USER32(00000001,?,0000001C,76C1C0D0,?,00008000), ref: 00A9ACC6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                APIs
                                                                • ClientToScreen.USER32(?,?), ref: 00AC769A
                                                                • GetWindowRect.USER32(?,?), ref: 00AC7710
                                                                • PtInRect.USER32(?,?,00AC8B89), ref: 00AC7720
                                                                • MessageBeep.USER32(00000000), ref: 00AC778C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                • String ID:
                                                                • API String ID: 1352109105-0
                                                                APIs
                                                                • GetForegroundWindow.USER32 ref: 00AC16EB
                                                                  • Part of subcall function 00A93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A93A57
                                                                  • Part of subcall function 00A93A3D: GetCurrentThreadId.KERNEL32 ref: 00A93A5E
                                                                  • Part of subcall function 00A93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A925B3), ref: 00A93A65
                                                                • GetCaretPos.USER32(?), ref: 00AC16FF
                                                                • ClientToScreen.USER32(00000000,?), ref: 00AC174C
                                                                • GetForegroundWindow.USER32 ref: 00AC1752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                • String ID:
                                                                • API String ID: 2759813231-0
                                                                APIs
                                                                  • Part of subcall function 00A37620: _wcslen.LIBCMT ref: 00A37625
                                                                • _wcslen.LIBCMT ref: 00A9DFCB
                                                                • _wcslen.LIBCMT ref: 00A9DFE2
                                                                • _wcslen.LIBCMT ref: 00A9E00D
                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A9E018
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                • String ID:
                                                                • API String ID: 3763101759-0
                                                                APIs
                                                                  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
                                                                • GetCursorPos.USER32(?), ref: 00AC9001
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00A87711,?,?,?,?,?), ref: 00AC9016
                                                                • GetCursorPos.USER32(?), ref: 00AC905E
                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00A87711,?,?,?), ref: 00AC9094
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                • String ID:
                                                                • API String ID: 2864067406-0
                                                                APIs
                                                                • GetFileAttributesW.KERNEL32(?,00ACCB68), ref: 00A9D2FB
                                                                • GetLastError.KERNEL32 ref: 00A9D30A
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A9D319
                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00ACCB68), ref: 00A9D376
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                • String ID:
                                                                • API String ID: 2267087916-0
                                                                APIs
                                                                  • Part of subcall function 00A91014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A9102A
                                                                  • Part of subcall function 00A91014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A91036
                                                                  • Part of subcall function 00A91014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A91045
                                                                  • Part of subcall function 00A91014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A9104C
                                                                  • Part of subcall function 00A91014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A91062
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00A915BE
                                                                • _memcmp.LIBVCRUNTIME ref: 00A915E1
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A91617
                                                                • HeapFree.KERNEL32(00000000), ref: 00A9161E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                • String ID:
                                                                • API String ID: 1592001646-0
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00AC280A
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AC2824
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AC2832
                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00AC2840
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Long$AttributesLayered
                                                                • String ID:
                                                                • API String ID: 2169480361-0
                                                                APIs
                                                                  • Part of subcall function 00A98D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A9790A,?,000000FF,?,00A98754,00000000,?,0000001C,?,?), ref: 00A98D8C
                                                                  • Part of subcall function 00A98D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00A98DB2
                                                                  • Part of subcall function 00A98D7D: lstrcmpiW.KERNEL32(00000000,?,00A9790A,?,000000FF,?,00A98754,00000000,?,0000001C,?,?), ref: 00A98DE3
                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A98754,00000000,?,0000001C,?,?,00000000), ref: 00A97923
                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 00A97949
                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00A98754,00000000,?,0000001C,?,?,00000000), ref: 00A97984
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                • String ID: cdecl
                                                                • API String ID: 4031866154-3896280584
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00AC7D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00AC7D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00AC7D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00AAB7AD,00000000), ref: 00AC7D6B
  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: dffe46e48f53e5708057b0a18f4d519dcc8cf7e906c36360ac8e3e8c8e5fec96
• Instruction ID: 506422f681c162471720d9089acc66a9d9e5a8e67e67a131e6f401b87a1945d5
• Opcode Fuzzy Hash: dffe46e48f53e5708057b0a18f4d519dcc8cf7e906c36360ac8e3e8c8e5fec96
• Instruction Fuzzy Hash: C6115C32605615AFCB159F68DC04EAA3BA5AF45360F168728F83AD72F0DB309952DF50
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 00AC56BB
• _wcslen.LIBCMT ref: 00AC56CD
• _wcslen.LIBCMT ref: 00AC56D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00AC5816
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 70efa0914ef39a5e3c1a8a59363181fac0052d9d5dbcfa39779570fd0cbb9629
• Instruction ID: b83a3601b5af8f6eb399e1ad72290f3e5f5313fdaacda8d153cc224b68ac3ce3
• Opcode Fuzzy Hash: 70efa0914ef39a5e3c1a8a59363181fac0052d9d5dbcfa39779570fd0cbb9629
• Instruction Fuzzy Hash: E011BE71E00608A6DB20DFB5CD85FEE77BCAF11764B11846EF915D6081EB74AAC4CBA0
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ac7a3c20c9d22cfa552dd504ae25f0d32bd9913eef9ecd20e7d591e23d833eba
• Instruction ID: 0b42293e64fdbcf74682c05b03c22410d88658d3cf0c1927a212122eacfd0cc4
• Opcode Fuzzy Hash: ac7a3c20c9d22cfa552dd504ae25f0d32bd9913eef9ecd20e7d591e23d833eba
• Instruction Fuzzy Hash: B80181B2609A16BEF72227B96CC1F676A7DDF817B8F390325F521A12D2DB618C005270
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00A91A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A91A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A91A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A91A8A
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 2979b3b3f6b5aefea860aa1da66471887f77d6c4017c3824414b06f2c898d2d5
• Instruction ID: dd03922f001b14ad29723a9c6d25ad8ffe2b52064a92be301e6d9feff4085aa7
• Opcode Fuzzy Hash: 2979b3b3f6b5aefea860aa1da66471887f77d6c4017c3824414b06f2c898d2d5
• Instruction Fuzzy Hash: 2011093AE01219FFEF11DBA5CD85FADBBB8EB08750F200091EA04B7290D6716E51DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 00A9E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00A9E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A9E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A9E24D
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 1aa08867f2b546ba5bb08bff662bc7263998ddfaedfbd5f336bba4bba8353368
• Instruction ID: 2cda3766917dc97daefe07501992fc8145267c21ba08e4814e847e8cc8aa767c
• Opcode Fuzzy Hash: 1aa08867f2b546ba5bb08bff662bc7263998ddfaedfbd5f336bba4bba8353368
• Instruction Fuzzy Hash: 1B11C876A04254BBCF05DFEC9C05EDE7FECEB55720F154655F914D3292DA70890487A0
APIs
• CreateThread.KERNEL32(00000000,?,00A5CFF9,00000000,00000004,00000000), ref: 00A5D218
• GetLastError.KERNEL32 ref: 00A5D224
• __dosmaperr.LIBCMT ref: 00A5D22B
• ResumeThread.KERNEL32(00000000), ref: 00A5D249
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: bd91ea61abec9d476183732cc1000fd02a4b836480b25f5f4b84d891b2c95d57
• Instruction ID: 9423d5fbb3276f96b17a4b4d1c69f4639dc169c6d1e6af9976eca39c0f105f35
• Opcode Fuzzy Hash: bd91ea61abec9d476183732cc1000fd02a4b836480b25f5f4b84d891b2c95d57
• Instruction Fuzzy Hash: 8B01D276805204BBDB219BA6EC09BEE7E69FF81732F100319FD25961D0DB70890AC7A0
APIs
  • Part of subcall function 00A49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A49BB2
• GetClientRect.USER32(?,?), ref: 00AC9F31
• GetCursorPos.USER32(?), ref: 00AC9F3B
• ScreenToClient.USER32(?,?), ref: 00AC9F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00AC9F7A
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 7156afdefa2149fc31f0faa3c9e9b6b81bfe1e1bca1451c8cdc69353213585f8
• Instruction ID: 4aacf627f55c3a536aed7289a714c65456783abb9441e4adcf1b45a0ed190440
• Opcode Fuzzy Hash: 7156afdefa2149fc31f0faa3c9e9b6b81bfe1e1bca1451c8cdc69353213585f8
• Instruction Fuzzy Hash: 0311153690021AEBDB14DFA8D989EEF77B9FB45311F024459F912E3150D730BA92CBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A3604C
• GetStockObject.GDI32(00000011), ref: 00A36060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00A3606A
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 4e284112e6ab06a2a132b347e11db89ba1314bbe84d9c91707984ab60ebcfe07
• Instruction ID: 590b27122b67b8011bdd62e98746508eeaea328e941048a566ee60125c0f7003
• Opcode Fuzzy Hash: 4e284112e6ab06a2a132b347e11db89ba1314bbe84d9c91707984ab60ebcfe07
• Instruction Fuzzy Hash: F311C072501508BFEF168FA4DC45EEABB6DFF0A3A5F058201FA0852010D732DC60DBA0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00A53B56
  • Part of subcall function 00A53AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00A53AD2
  • Part of subcall function 00A53AA3: ___AdjustPointer.LIBCMT ref: 00A53AED
• _UnwindNestedFrames.LIBCMT ref: 00A53B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00A53B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00A53BA4
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: 1efa26df27e5cb23fcd0b78d95de90d3c97c573741904870ea4149360173b265
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: 0D012933100148BBDF126F95CD42EEB3B69FF98799F054014FE4896121C732E965DBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A313C6,00000000,00000000,?,00A6301A,00A313C6,00000000,00000000,00000000,?,00A6328B,00000006,FlsSetValue), ref: 00A630A5
• GetLastError.KERNEL32(?,00A6301A,00A313C6,00000000,00000000,00000000,?,00A6328B,00000006,FlsSetValue,00AD2290,FlsSetValue,00000000,00000364,?,00A62E46), ref: 00A630B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A6301A,00A313C6,00000000,00000000,00000000,?,00A6328B,00000006,FlsSetValue,00AD2290,FlsSetValue,00000000), ref: 00A630BF
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 0d9da95f6bae83af0480b05ce5973cf2101063c8042398a5043c009cec6bdbc7
• Instruction ID: d3a9cbefc0f21a6844b8963a8bf4dcc640137421cd0385135cc9b530d021923d
• Opcode Fuzzy Hash: 0d9da95f6bae83af0480b05ce5973cf2101063c8042398a5043c009cec6bdbc7
• Instruction Fuzzy Hash: E1018833751222ABCF318BB9AC44D5777B8DF45771B160620F91AD7140D721D907C6D0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00A9747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00A97497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00A974AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00A974CA
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: b763fc7491b84c5bdba3bb3562c5379e5fb9f999900da41eb3e0c7c646a2d7dd
• Instruction ID: 3945594566d1767613d50eff0c8d3303646b6b0ed1302ac726f90d81fcbb4adc
• Opcode Fuzzy Hash: b763fc7491b84c5bdba3bb3562c5379e5fb9f999900da41eb3e0c7c646a2d7dd
• Instruction Fuzzy Hash: B711ADB5315310ABEB20CF58DD08F9A7BFCEF80B10F108569E61AD6192D7B0E904DBA0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A9ACD3,?,00008000), ref: 00A9B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A9ACD3,?,00008000), ref: 00A9B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A9ACD3,?,00008000), ref: 00A9B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A9ACD3,?,00008000), ref: 00A9B126
Memory Dump Source
• Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
• Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a30000_file.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 3c0a85b39da74ae76fce832f4fdad618ff831db45cfe4af1dfd26e34a8d0ad4b
• Instruction ID: 5c522c195133da1fdc5a121d6456949b910adabfcfc6a86021850426142c6baf
• Opcode Fuzzy Hash: 3c0a85b39da74ae76fce832f4fdad618ff831db45cfe4af1dfd26e34a8d0ad4b
• Instruction Fuzzy Hash: D1115E31E1152CD7CF00DFE5EA68AEEBBB8FF49711F114295D945B2141CB3055518B61
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00AC7E33
                                                                • ScreenToClient.USER32(?,?), ref: 00AC7E4B
                                                                • ScreenToClient.USER32(?,?), ref: 00AC7E6F
                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00AC7E8A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                • String ID:
                                                                • API String ID: 357397906-0
                                                                • Opcode ID: b9b62f4a091d9f641532e784eb322f26fe75381c6fb3635b6789e33bdba2c495
                                                                • Instruction ID: 7b99911ebef857ea0e205499de0637ed11d3cd3a02b3afd8c52ffc5c24939a6c
                                                                • Opcode Fuzzy Hash: b9b62f4a091d9f641532e784eb322f26fe75381c6fb3635b6789e33bdba2c495
                                                                • Instruction Fuzzy Hash: 481114B9D0024AAFDB41DF98C984AEEBBF5FF08310F515056E915E3210D735AA55CF50
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A92DC5
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A92DD6
                                                                • GetCurrentThreadId.KERNEL32 ref: 00A92DDD
                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A92DE4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 2710830443-0
                                                                • Opcode ID: 41fdb66be469080832d383d23222db1eb7a1894024c614f50cbf76853ee08548
                                                                • Instruction ID: b71a69147f610accfb3e3b043bab5d68b9d9e2e4661d67f0c5bdeff4df3ea9e4
                                                                • Opcode Fuzzy Hash: 41fdb66be469080832d383d23222db1eb7a1894024c614f50cbf76853ee08548
                                                                • Instruction Fuzzy Hash: CDE06D71601224BAEB205BA29C0DFEB7EACEF42BB1F021115F10AD1080DAA08942C7B0
                                                                APIs
                                                                  • Part of subcall function 00A49639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A49693
                                                                  • Part of subcall function 00A49639: SelectObject.GDI32(?,00000000), ref: 00A496A2
                                                                  • Part of subcall function 00A49639: BeginPath.GDI32(?), ref: 00A496B9
                                                                  • Part of subcall function 00A49639: SelectObject.GDI32(?,00000000), ref: 00A496E2
                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00AC8887
                                                                • LineTo.GDI32(?,?,?), ref: 00AC8894
                                                                • EndPath.GDI32(?), ref: 00AC88A4
                                                                • StrokePath.GDI32(?), ref: 00AC88B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                • String ID:
                                                                • API String ID: 1539411459-0
                                                                • Opcode ID: aea46abd0b2e949968560d6a038915dea33370d3df11be02f7866e3a65c5ebd6
                                                                • Instruction ID: ea46cc11008b13cffb2a435f4890bb3022dd9aa2ae5ba985195cb9d9f98a6065
                                                                • Opcode Fuzzy Hash: aea46abd0b2e949968560d6a038915dea33370d3df11be02f7866e3a65c5ebd6
                                                                • Instruction Fuzzy Hash: C8F05E36041258FADB129F94AC09FDE3F59AF16320F058104FA55650E1CB795522CFE5
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 00A498CC
                                                                • SetTextColor.GDI32(?,?), ref: 00A498D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 00A498E9
                                                                • GetStockObject.GDI32(00000005), ref: 00A498F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$ModeObjectStockText
                                                                • String ID:
                                                                • API String ID: 4037423528-0
                                                                • Opcode ID: e912993c2a70ad0b64bcab19aad60772001bada8bc50196fa5a9bf9f6aedc3e5
                                                                • Instruction ID: 5bb73fbc72eb9c8f67f10f64794b2f3cab031ea856068e1767982db35e635ca8
                                                                • Opcode Fuzzy Hash: e912993c2a70ad0b64bcab19aad60772001bada8bc50196fa5a9bf9f6aedc3e5
                                                                • Instruction Fuzzy Hash: 6CE06531644244AEDB219BB5BC09FDD3F10AB51335F188319F6FE540E1C37186519B10
                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 00A91634
                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,00A911D9), ref: 00A9163B
                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00A911D9), ref: 00A91648
                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,00A911D9), ref: 00A9164F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentOpenProcessThreadToken
                                                                • String ID:
                                                                • API String ID: 3974789173-0
                                                                • Opcode ID: 448aeff7222941ab9d400bec6a10e9226914000fdfa23b65e5de019bff503b2b
                                                                • Instruction ID: 235c8d0c4f2d1c7090246e0daeaf25d7e59db48f8b8745e2fbab83554e3b15ac
                                                                • Opcode Fuzzy Hash: 448aeff7222941ab9d400bec6a10e9226914000fdfa23b65e5de019bff503b2b
                                                                • Instruction Fuzzy Hash: 9EE08675A01211DBDB205FE4AD0DF863BBCBF447A5F194808F349C9080D6348542C750
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 00A8D858
                                                                • GetDC.USER32(00000000), ref: 00A8D862
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A8D882
                                                                • ReleaseDC.USER32(?), ref: 00A8D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                • Opcode ID: 5365587873ca3907a41c399bc405936d82decebf9a934b093974d99da9cc2d4e
                                                                • Instruction ID: ded43c589fd76c08d91d763bfe98f5b7566e2786d55deea5633d4ab79af7aa4f
                                                                • Opcode Fuzzy Hash: 5365587873ca3907a41c399bc405936d82decebf9a934b093974d99da9cc2d4e
                                                                • Instruction Fuzzy Hash: 20E09AB5800205DFCF41EFE4DA0CA6DBBB5FB48321F159459F84AE7250C7399942AF50
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 00A8D86C
                                                                • GetDC.USER32(00000000), ref: 00A8D876
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A8D882
                                                                • ReleaseDC.USER32(?), ref: 00A8D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                • Opcode ID: f1ed438b417d8abe24df12056e6399eeb19f95afab3673d56d3620ec0949722c
                                                                • Instruction ID: f06fda44aebb7ee859a62cd24acf64b8d158aaeb6a78220b07483ccb322f7c0e
                                                                • Opcode Fuzzy Hash: f1ed438b417d8abe24df12056e6399eeb19f95afab3673d56d3620ec0949722c
                                                                • Instruction Fuzzy Hash: 16E092B5800204EFCF51EFE4DA0CA6DBBB5BB48321F159449F94AE7250CB399902AF50
                                                                APIs
                                                                  • Part of subcall function 00A37620: _wcslen.LIBCMT ref: 00A37625
                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00AA4ED4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Connection_wcslen
                                                                • String ID: *$LPT
                                                                • API String ID: 1725874428-3443410124
                                                                • Opcode ID: 1436c0421cb3c7192264a8bde67981e1bad7e4641b4a1c2ec2e5afa89506ef08
                                                                • Instruction ID: 6eefc98ca6e7a1de66e06b04519f8119c7af51f65f4432f3cd37773a3503aa28
                                                                • Opcode Fuzzy Hash: 1436c0421cb3c7192264a8bde67981e1bad7e4641b4a1c2ec2e5afa89506ef08
                                                                • Instruction Fuzzy Hash: A6914D75A002049FCB14DF58C585EAEBBF1AF89704F198099F80A9F3A2C775ED85CB91
                                                                APIs
                                                                • __startOneArgErrorHandling.LIBCMT ref: 00A5E30D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorHandling__start
                                                                • String ID: pow
                                                                • API String ID: 3213639722-2276729525
                                                                • Opcode ID: cc41a7b92507eb21d8e963c83ed6bd084045ebe1c33e181aaaa5f6746121e9b1
                                                                • Instruction ID: e850980c812cd3f3bc4ffe920931cfd1a57af80a5f0ed06b1a3ef5d60639bae9
                                                                • Opcode Fuzzy Hash: cc41a7b92507eb21d8e963c83ed6bd084045ebe1c33e181aaaa5f6746121e9b1
                                                                • Instruction Fuzzy Hash: 5F517B71A2C20196CB19F714CA013BD3BB4BB10756F304D99E8D6862E9EB358DDADB42
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                • Opcode ID: dda0aa73edc06364e22ff1ae89c7df0dbcae95ca46c48adf9d15212ce730e5b2
                                                                • Instruction ID: 8a947db682ed707f69a9f96976523ddc034fc1f0436a67e3d2a404f281de8044
                                                                • Opcode Fuzzy Hash: dda0aa73edc06364e22ff1ae89c7df0dbcae95ca46c48adf9d15212ce730e5b2
                                                                • Instruction Fuzzy Hash: B4512139A04246DFDF15EF68C481AFA7BA8FFA5310F248159F8919B2D0D6749D42CBA0
                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 00A4F2A2
                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00A4F2BB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: GlobalMemorySleepStatus
                                                                • String ID: @
                                                                • API String ID: 2783356886-2766056989
                                                                • Opcode ID: b20fb6871539af15b1c150fce7f06b3e3b35515c46505b803f99ec725f35d261
                                                                • Instruction ID: cfa75d623d8672bc2aa62cf2c8504b5ebc60aa25e555f2080a81edeaec18d879
                                                                • Opcode Fuzzy Hash: b20fb6871539af15b1c150fce7f06b3e3b35515c46505b803f99ec725f35d261
                                                                • Instruction Fuzzy Hash: C65154724087889BD320EF50DD86BAFBBF8FB85310F81884CF1D9411A5EB308529CB66
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00AB57E0
                                                                • _wcslen.LIBCMT ref: 00AB57EC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: BuffCharUpper_wcslen
                                                                • String ID: CALLARGARRAY
                                                                • API String ID: 157775604-1150593374
                                                                • Opcode ID: 391bc676d611a37fcc1bdf80ebfdb0582d2973533168ba30870fb054e02440cd
                                                                • Instruction ID: d353e8ba5004269e2f1f2849e950a54a2752d81ecb8b4102611ea89684d78bb0
                                                                • Opcode Fuzzy Hash: 391bc676d611a37fcc1bdf80ebfdb0582d2973533168ba30870fb054e02440cd
                                                                • Instruction Fuzzy Hash: 05418D71E002099FCB14DFB9C981AEEBBF9FF99324F144069E505A7252E7709D81DB90
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00AAD130
                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00AAD13A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CrackInternet_wcslen
                                                                • String ID: |
                                                                • API String ID: 596671847-2343686810
                                                                • Opcode ID: d4444d8b4705ce1d34b48aa36d32ed8de2627268f8f0f776202ea06f37a14653
                                                                • Instruction ID: ad7169d34807980e871f7ce4b3880648028ae4a94b074850a2372a80eddb2fee
                                                                • Opcode Fuzzy Hash: d4444d8b4705ce1d34b48aa36d32ed8de2627268f8f0f776202ea06f37a14653
                                                                • Instruction Fuzzy Hash: 92314F71D00219ABCF15EFA4CD85EEEBFB9FF09300F104119F815A6161E735AA46CB50
                                                                APIs
                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00AC3621
                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00AC365C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$DestroyMove
                                                                • String ID: static
                                                                • API String ID: 2139405536-2160076837
                                                                • Opcode ID: 1953c984e361bdd9a1db002a0bfdf95c976cc6e21bc901e2b11c503661fb43ec
                                                                • Instruction ID: a01b167f48325f8c8b39a11c63f0b07f29643b4b1dbea2796c2f4c2975107c10
                                                                • Opcode Fuzzy Hash: 1953c984e361bdd9a1db002a0bfdf95c976cc6e21bc901e2b11c503661fb43ec
                                                                • Instruction Fuzzy Hash: F8317A72110204AEDB14DF68DC81FBB73A9FF88720F02D61DF9A597280DA31AD819B60
                                                                APIs
                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00AC461F
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AC4634
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: '
                                                                • API String ID: 3850602802-1997036262
                                                                • Opcode ID: c13bc2d2d403f14dbba09f6d20f8f147a60e4337c3b4702cdb714b48939eacd4
                                                                • Instruction ID: 94970cdbac92f2cc88739d5b76c4524f519d780f594b526413d11984fd2978ba
                                                                • Opcode Fuzzy Hash: c13bc2d2d403f14dbba09f6d20f8f147a60e4337c3b4702cdb714b48939eacd4
                                                                • Instruction Fuzzy Hash: DF311874A013099FDB14CFA9C9A0FEABBB5FF49300F15406AE905AB355E770A941CF94
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00AC327C
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AC3287
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: Combobox
                                                                • API String ID: 3850602802-2096851135
                                                                • Opcode ID: c72a6316c51cdd1b731dbb8f331c570cddd5254d7d33337c9b310d0b55645c63
                                                                • Instruction ID: 5cfa2820b882521447f3ba572f1c2ff1174aa2bd35f9234276711bf94d0544aa
                                                                • Opcode Fuzzy Hash: c72a6316c51cdd1b731dbb8f331c570cddd5254d7d33337c9b310d0b55645c63
                                                                • Instruction Fuzzy Hash: 2C11E2723002087FEF259F94DC80FFB37AAEBA4364F128128F91897290D6759D518760
                                                                APIs
                                                                  • Part of subcall function 00A3600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A3604C
                                                                  • Part of subcall function 00A3600E: GetStockObject.GDI32(00000011), ref: 00A36060
                                                                  • Part of subcall function 00A3600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A3606A
                                                                • GetWindowRect.USER32(00000000,?), ref: 00AC377A
                                                                • GetSysColor.USER32(00000012), ref: 00AC3794
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                • String ID: static
                                                                • API String ID: 1983116058-2160076837
                                                                • Opcode ID: 1a87ead5400cff7feeef91842a4319dd2be98d586a12ed15bf4206e41234b2e3
                                                                • Instruction ID: 38eddf9200670c2404f333fe86ec5b7ebf3e1695834748882372c7fa3231c797
                                                                • Opcode Fuzzy Hash: 1a87ead5400cff7feeef91842a4319dd2be98d586a12ed15bf4206e41234b2e3
                                                                • Instruction Fuzzy Hash: 041129B2610209AFDF01DFA8CC46EEA7BB8FB09314F018918F956E3250D735E9519B50
                                                                APIs
                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00AACD7D
                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00AACDA6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Internet$OpenOption
                                                                • String ID: <local>
                                                                • API String ID: 942729171-4266983199
                                                                • Opcode ID: 50535685a2ea98c1a3b2c9adbbec32ee124f4e977fa2e72de91d079a1e7a5989
                                                                • Instruction ID: 944ffb88cfaa98869878089f61ca8e153c9e8aa0490a8bbd8ede08fe6e74c073
                                                                • Opcode Fuzzy Hash: 50535685a2ea98c1a3b2c9adbbec32ee124f4e977fa2e72de91d079a1e7a5989
                                                                • Instruction Fuzzy Hash: 2411CE71205636BAE7384BA68C89EF7BEACEF137B4F00422AB119831C0D7749941D6F0
                                                                APIs
                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00AC34AB
                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00AC34BA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: LengthMessageSendTextWindow
                                                                • String ID: edit
                                                                • API String ID: 2978978980-2167791130
                                                                • Opcode ID: 18accf41b6ddb9bfc298b05a896c86987299c15fc2132e9a0336575ba2cf1b4f
                                                                • Instruction ID: 8ae3f158660d280bfb88dddced5a2ada6efa61bbf60c1ec0c9d87561997d97a9
                                                                • Opcode Fuzzy Hash: 18accf41b6ddb9bfc298b05a896c86987299c15fc2132e9a0336575ba2cf1b4f
                                                                • Instruction Fuzzy Hash: B9119D72100208AAEF158F64DD40FAA376AEB05375F528728F965971D0C735DC519B50
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00A96CB6
                                                                • _wcslen.LIBCMT ref: 00A96CC2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: STOP
                                                                • API String ID: 1256254125-2411985666
                                                                • Opcode ID: bb07c66bde0ce115a2f91b957867173026becb5488f4098753750baf2a51abd0
                                                                • Instruction ID: f2f652c59c728cfe67f0c33358935ca59d6f88e169375776889112e6c85f0833
                                                                • Opcode Fuzzy Hash: bb07c66bde0ce115a2f91b957867173026becb5488f4098753750baf2a51abd0
                                                                • Instruction Fuzzy Hash: CD01C032B149268BCF21AFFDDD819BF77F5EE65714B110528F86296190EB31E940C650
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A91D4C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: aa4bfc83a85084fe3cf1294a377f7fe0dde05ee684bf44da379aaec38537dcec
                                                                • Instruction ID: 04675c2c41e4fedcdfb49e3b8da8f2bbc15182333f34e9e84b1034fabbbdad09
                                                                • Opcode Fuzzy Hash: aa4bfc83a85084fe3cf1294a377f7fe0dde05ee684bf44da379aaec38537dcec
                                                                • Instruction Fuzzy Hash: 4501B171B01219AB8F08EBA4CE55CFF77E8FB46390B440A19F822672C1EA7059088660
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00A91C46
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: 83a75e406fba00c17980a09c0c98253be4b5df1d4fe508bff3b5d7c1385e7915
                                                                • Instruction ID: 38d1ea639c0fd9bdc2f86031ca595db864990e1977822541edb9c8b35712de5c
                                                                • Opcode Fuzzy Hash: 83a75e406fba00c17980a09c0c98253be4b5df1d4fe508bff3b5d7c1385e7915
                                                                • Instruction Fuzzy Hash: 8A01A275B851097BCF05EBA0CB52EFF77E89F51340F140019F91667281EA649E0CC6B2
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00A91CC8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: ab0cc8bdb99ea97a5142096e9700357496b0e9b7331f67afe78118c3dd9ffe72
                                                                • Instruction ID: a077f64d240e2df6611aed6a9be57aff35aa2e3b6c561f48f876c7a4c9bc3206
                                                                • Opcode Fuzzy Hash: ab0cc8bdb99ea97a5142096e9700357496b0e9b7331f67afe78118c3dd9ffe72
                                                                • Instruction Fuzzy Hash: 3701D1B6B801197BCF04EBA0CB02EFF77E8AB11340F540415B902B3281EAA09F18C672
                                                                APIs
                                                                  • Part of subcall function 00A39CB3: _wcslen.LIBCMT ref: 00A39CBD
                                                                  • Part of subcall function 00A93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A93CCA
                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A91DD3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: 58686db1092e181e137b0e70241161b53c17c341b4a461c997d8a4dd3acfc214
                                                                • Instruction ID: f9cdfb109abca9455a9a06288a0851fdb9f444577bcc1e35bf8a7ce0b6b71a99
                                                                • Opcode Fuzzy Hash: 58686db1092e181e137b0e70241161b53c17c341b4a461c997d8a4dd3acfc214
                                                                • Instruction Fuzzy Hash: F8F0AF75B412196BDF04E7A4CE52EFF77F8AB02350F040D19F922A72C1EAA05A0882A1
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: 3, 3, 16, 1
                                                                • API String ID: 176396367-3042988571
                                                                • Opcode ID: 71eef213f44a4f09e458597c32ee6bcd421236c3a253ef25cb5fbac3a8df3e24
                                                                • Instruction ID: 24f13944c8e6042327745d789026fa6946c02e9887b6877ec66f51648f443c10
                                                                • Opcode Fuzzy Hash: 71eef213f44a4f09e458597c32ee6bcd421236c3a253ef25cb5fbac3a8df3e24
                                                                • Instruction Fuzzy Hash: 29E02B0260422060923113799DC29BF568DEFC9752710182BFD81C2267EAE48DD193A0
                                                                APIs
                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A90B23
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: AutoIt$Error allocating memory.
                                                                • API String ID: 2030045667-4017498283
                                                                • Opcode ID: c080ec047c5bee902e7d204febfec8dd740e2d0532258e5a5508e81eca3ce779
                                                                • Instruction ID: 943772ab3728bbe2c81310d00f90fa95b0762f6557c32d91e57f14614959a601
                                                                • Opcode Fuzzy Hash: c080ec047c5bee902e7d204febfec8dd740e2d0532258e5a5508e81eca3ce779
                                                                • Instruction Fuzzy Hash: F6E0DF322883083AD21437947E03FCA7A849F09B65F10082AFB8C958C38AE224A006A9
                                                                APIs
                                                                  • Part of subcall function 00A4F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A50D71,?,?,?,00A3100A), ref: 00A4F7CE
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00A3100A), ref: 00A50D75
                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A3100A), ref: 00A50D84
                                                                Strings
                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A50D7F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                • API String ID: 55579361-631824599
                                                                • Opcode ID: 3d68b12863cf6f1601348f06c3e665b68224a07c973ec2d5fb389911b4105841
                                                                • Instruction ID: ec3448f250c2a382e3791b3ca0e2fa9b32757f75759cd7a1c9623ce39a321e7a
                                                                • Opcode Fuzzy Hash: 3d68b12863cf6f1601348f06c3e665b68224a07c973ec2d5fb389911b4105841
                                                                • Instruction Fuzzy Hash: A6E039B52003418FD320AFACD504B82BBE1BB00741F054D2DE886C6651EBB4E4498B91
                                                                APIs
                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00AA302F
                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00AA3044
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: Temp$FileNamePath
                                                                • String ID: aut
                                                                • API String ID: 3285503233-3010740371
                                                                • Opcode ID: 856d1227d67281fee2439af246e85cf096b2c95cda498d56eef8d6a4ec13873b
                                                                • Instruction ID: e7127f066763912d0022328e1a5c35b023767a87a8625b8237d13dabb0cc1bcb
                                                                • Opcode Fuzzy Hash: 856d1227d67281fee2439af246e85cf096b2c95cda498d56eef8d6a4ec13873b
                                                                • Instruction Fuzzy Hash: 8FD05E7250032877DA20F7E4AC0EFDB3A7CDB04760F0006A1B659E2091DEB09985CAD0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: LocalTime
                                                                • String ID: %.3d$X64
                                                                • API String ID: 481472006-1077770165
                                                                • Opcode ID: ec69f34376133ab98aca1603ab763a497b8330d4663c0a4ba7cc6fc457f71d8a
                                                                • Instruction ID: 90cc194c6db39524c72d022a24f52deb2d72cd50006211cf61b53a6c822b81fc
                                                                • Opcode Fuzzy Hash: ec69f34376133ab98aca1603ab763a497b8330d4663c0a4ba7cc6fc457f71d8a
                                                                • Instruction Fuzzy Hash: 03D012B5808108F9CB50B7D0DC49CF9B37CFB48301F508452F90692080F624C5096761
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AC232C
                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00AC233F
                                                                  • Part of subcall function 00A9E97B: Sleep.KERNEL32 ref: 00A9E9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: ef1ba2612e784e8746d20f1e9da43de72fbb7618498cc7a20ff84a625cf5cedd
                                                                • Instruction ID: d61a7e79e6f9404ba9f710627c75d964a4733e09933856a7e670e0e7d2447b88
                                                                • Opcode Fuzzy Hash: ef1ba2612e784e8746d20f1e9da43de72fbb7618498cc7a20ff84a625cf5cedd
                                                                • Instruction Fuzzy Hash: 5AD022327C0300B7E664F3B0DC0FFC6BA04AB00B20F010906B30AEA0D0C8F8A802CB00
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AC236C
                                                                • PostMessageW.USER32(00000000), ref: 00AC2373
                                                                  • Part of subcall function 00A9E97B: Sleep.KERNEL32 ref: 00A9E9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: b27f3fd8895df79a8d3413d09cb770141f0aada45b0cd0a1b8833b794cafa4ac
                                                                • Instruction ID: 6d1f4b48dce91def9c62d8b470b6bd81247736cc0f1e3b92f18e9ce3ab5cfb64
                                                                • Opcode Fuzzy Hash: b27f3fd8895df79a8d3413d09cb770141f0aada45b0cd0a1b8833b794cafa4ac
                                                                • Instruction Fuzzy Hash: 4CD0C9327C13147AE664F7B19D0FFC6A654AB04B24F014916B75AEA1D1C9A8A8028A54
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A6BE93
                                                                • GetLastError.KERNEL32 ref: 00A6BEA1
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A6BEFC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424294550.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424280308.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000ACC000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424351050.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424387571.0000000000AFC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424400937.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                • String ID:
                                                                • API String ID: 1717984340-0
                                                                • Opcode ID: 36793534ab7aba687a81dd0cab8f6f4dd9bc8240a36f0a069061bd567197db5f
                                                                • Instruction ID: f19093bb1b1da9694b11f64f6023f2f801507180092b39036296cb079beff827
                                                                • Opcode Fuzzy Hash: 36793534ab7aba687a81dd0cab8f6f4dd9bc8240a36f0a069061bd567197db5f
                                                                • Instruction Fuzzy Hash: 7441D435610206AFCF21CFA5CD54AAABBB5AF41320F154169F959DB1B1DB31CD81CB70

                                                                Execution Graph

                                                                 Execution Coverage: 0.2%
                                                                 Dynamic/Decrypted Code Coverage: 0%
                                                                 Signature Coverage: 100%
                                                                 Total number of Nodes: 6
                                                                 Total number of Limit Nodes: 0
                                                                 execution_graph (6 nodes, two paths; node id, address, API called if any):
                                                                 • 5001 (14489627077) -> 5002 (14489627087, NtQuerySystemInformation) -> 5003 (14489627024)
                                                                 • 5004 (14489647232) -> 5005 (14489647289, NtQuerySystemInformation) -> 5006 (14489645604); 5004 -> 5006

                                                                Callgraph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000012.00000002.2674432651.0000014489624000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000014489624000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_18_2_14489624000_firefox.jbxd
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                • Instruction ID: 22853a59e1e76a13cb57fd995d9a4b6a189a6329fa918a0f32220c8113ea5573
                                                                • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                • Instruction Fuzzy Hash: C8A3D231614E498BDB2DDFA8DC857E977E5FB95300F04422ED94BD7291DF30EA428A81